Adobe ColdFusion Directory Traversal (APSB22-44: CVE-2022-38423)
A directory traversal vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Adobe ColdFusion Improper Restriction of XML External Entity (APSB22-44: CVE-2022-42341)
An Improper Restriction of XML External Entity vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
CachetHQ Cachet Remote Code Execution (CVE-2021-39172)
A remote code execution vulnerability exists in CachetHQ Cachet. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TerraMaster Operating System Command Injection (CVE-2018-13358)
A command injection vulnerability exists in TerraMaster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
D-Link DIR816L Command Injection (CVE-2022-28915; CVE-2022-28958; CVE-2022-37123; CVE-2022-37125; CVE-2022-37129)
A command injection vulnerability exists in D-Link DIR816L. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Datalust Seq Authentication Bypass (CVE-2018-8096)
An authentication bypass vulnerability exists in Datalust Seq. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
iCMS Article SQL Injection (CVE-2018-12888)
An SQL injection vulnerability exists in iCMS. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Microsoft Graphics Device Interface Information Disclosure (CVE-2019-1252)
An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted web page or...
Microsoft Windows Mixed Reality Developer Tools Information Disclosure (CVE-2022-37974)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft Windows DWM Core Library Elevation of Privilege (CVE-2022-37970)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft SharePoint Server Remote Code Execution (CVE-2022-38053)
A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Client Server Run-time Subsystem Elevation of Privilege (CVE-2022-37987)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Win32k Elevation of Privilege (CVE-2022-38050)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2022-38051)
An elevation of privilege vulnerability exists in Microsoft Graphics Component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Client Server Run-time Subsystem Elevation of Privilege (CVE-2022-37989)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Craft CMS Command Injection (CVE-2020-9757)
A Command Injection vulnerability exists in Craft CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
VMware Spring Framework Remote Code Execution (CVE-2020-5398)
A remote code execution vulnerability exists in VMware Spring Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Exchange Server Remote Code Execution (CVE-2022-41082; CVE-2022-41040)
A remote code execution vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SalesAgility SuiteCRM Remote Code Execution (CVE-2022-23940)
A remote code execution vulnerability exists in SalesAgility SuiteCRM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cybelsoft ThinVNC Directory Traversal (CVE-2019-17662)
A Directory Traversal vulnerability exists in Cybelsoft ThinVNC. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Cisco NFVIS Improper Access Control (CVE-2021-34746)
An improper access control vulnerability exists in Cisco NFVIS. Successful exploitation of this vulnerability could allow a remote attacker to read sensitive files on the affected system...
Google Chrome WebRTC Heap Buffer Overflow (CVE-2022-2294)
A heap buffer overflow vulnerability exists in Google Chrome WebRTC. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Easy Hosting Control Panel Cross-Site Request Forgery (CVE-2018-6458)
A cross-site request forgery vulnerability exists in Easy Hosting Control Panel. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Microsoft Windows Internet Key Exchange Remote Code Execution (CVE-2022-34721)
A remote code execution vulnerability exists in Microsoft Windows Internet Key Exchange protocol. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fortinet FortiOS Improper Access Control (CVE-2018-13374)
An improper access control vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow a remote attacker to read sensitive files on the affected system...
Microsoft Windows Server Remote Code Execution (CVE-2019-0618)
A remote code execution vulnerability exists in Microsoft Windows Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
D-Link Multiple Products Command Injection (CVE-2018-6530)
A command injection vulnerability exists in multiple D-Link products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Visual Studio Code Remote Code Execution (CVE-2021-27084)
A remote code execution vulnerability exists in the Maven for Java Extension for Microsoft Visual Studio Code. The vulnerability is due to a design weakness. A remote attacker can exploit this vulnerability by enticing a user to open a maliciously crafted Java Maven project folder...
Joomla! Cross-Site Scripting (CVE-2021-23124)
A stored cross-site scripting vulnerability exists in Joomla! CMS Core. The vulnerability is due to improper validation of the title parameter in the modbreadcrumbs module. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to the server...
ICONICS GENESIS64 Remote Code Execution (CVE-2022-33318)
A remote code execution vulnerability exists in ICONICS GENESIS64. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
OpenLDAP Integer Underflow (CVE-2020-36228)
A denial-of-service vulnerability exists in the slapd of OpenLDAP. The vulnerability is due to improper input validation in controls in LDAP search requests. A remote attacker can exploit this vulnerability by sending a crafted query to the target OpenLDAP server...
Kamailio Buffer Overflow (CVE-2018-8828)
A buffer overflow vulnerability exists in Kamailio. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
DNSmasq Out-of-Bounds Write (CVE-2020-25682)
An out-of-bounds write vulnerability has been discovered in dnsmasq, a DNS and DHCP server. The vulnerability occurs while extracting the domain name of an RR record using the extractname function while sorting multiple RR records. A remote, unauthenticated attacker can run a server to send a speciall...
QNAP NAS Photo Station Arbitrary File Write (CVE-2022-27593)
An arbitrary file write vulnerability exists in QNAP NAS Photo Station. Successful exploitation of this vulnerability could result in code execution on the affected system...
VCFtools Use-after-free (CVE-2018-11130)
A use-after-free vulnerability exists in Vcftools Project VCFtools. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Subsonic Server Side Request Forgery (CVE-2017-9355)
A vulnerability exists in Subsonic. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
InfoZip UnZip Buffer Overflow (CVE-2018-1000035)
A heap buffer overflow vulnerability exists in InfoZip UnZip. The vulnerability is due to insufficient handling of password protected zip files. A remote attacker can exploit this vulnerability by enticing a target user into extracting a maliciously crafted zip file...
Microsoft Graphics Device Interface Buffer Overflow (CVE-2019-1439)
A heap-based buffer overflow vulnerability exists in the MF3216 component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted file and take actions...
GraphicsMagick Use-after-free (CVE-2017-11403)
A use-after-free vulnerability exists in GraphicsMagick. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ImageMagick ReadXBMImage Information Disclosure (CVE-2018-16323)
An information disclosure vulnerability exists in ImageMagick. The vulnerability is due to improper handling of memory buffer by ReadXBMImage. A remote attacker could exploit this vulnerability by having an affected application that implements ImageMagick process a maliciously crafted file...
Microsoft Graphics Device Interface Remote Code Execution (CVE-2018-8397)
A remote code execution vulnerability exists in the GDI components of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted document...
GraphicsMagick Use-after-free (CVE-2017-14103)
A use-after-free vulnerability exists in GraphicsMagick. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apple macOS Authentication Bypass (CVE-2021-30657)
A vulnerability exists in Apple macOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
D-Link Routers Authentication Bypass (CVE-2020-26567)
An authentication bypass vulnerability exists in D-Link DSR-250N. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Apache OpenMeetings Denial of Service (CVE-2020-13951; CVE-2021-27576)
A denial of service vulnerability exists in Apache OpenMeetings. Successful exploitation of this vulnerability would allow remote attackers to cause denial of service on the affected system...
Roundcube Webmail func.inc Cross-site Scripting (CVE-2018-19206)
A cross-site scripting vulnerability exists in Roundcube Webmail. The vulnerability is due to improper handling of a tag within HTML attachments. A remote attacker can exploit this vulnerability by enticing a user to open an attachment...
Agentejo Cockpit NoSQL Injection (CVE-2020-35846)
A NoSQL Injection vulnerability exists in Agentejo Cockpit. Successful exploitation of this vulnerability could allow attackers to inject commands and execute arbitrary code on the affected system...
Artifex Ghostscript Remote Code Execution (CVE-2018-16509)
A remote code execution vulnerability exists in Artifex Ghostscript. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress WPGateway Plugin Privilege Escalation (CVE-2022-3180)
A privilege escalation vulnerability exists in WordPress WPGateway Plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
SQL Injection Obfuscation Techniques
Known exploits could potentially bypass security products by using SQL Injection obfuscation techniques. Since the exploits are obfuscated, they may not be detected by IDS and IPS systems, thus allowing attackers to successfully attack target machines...