Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2021/01/12 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-1647

Microsoft Defender contains an unspecified vulnerability that allows for remote code execution...

7.8CVSS7.5AI score0.39653EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/01/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-7450

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands...

10CVSS7.2AI score0.97655EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2021/01/05 12:0 a.m.•6 views

VulnCheck KEV: CVE-2001-0507

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability...

7.2CVSS5.8AI score0.08846EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/01/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-1000486

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS8AI score0.94104EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/01/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-11581

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution...

9.8CVSS7.7AI score0.84621EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/01/01 12:0 a.m.•7 views

VulnCheck KEV: CVE-2012-3152

Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems...

9.1CVSS7.5AI score0.98695EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/31 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-25395

Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised...

6.4CVSS6.7AI score0.00385EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/31 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-25394

Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised...

6.4CVSS6.7AI score0.00422EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/28 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-3760

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server...

7.5CVSS7.1AI score0.26717EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/23 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...

7.5CVSS6.8AI score0.64051EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-25371

Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP...

7.2CVSS6.8AI score0.00842EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-25372

Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access...

7.2CVSS6.8AI score0.00852EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2020-36719

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated...

9.8CVSS7.3AI score0.04304EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-11447

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content...

8.8CVSS7.3AI score0.52901EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-8816

Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...

9.1CVSS7.4AI score0.77847EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-3313

phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary...

7.5CVSS5.9AI score0.08663EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

9CVSS7.4AI score0.71635EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-11511

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...

9.8CVSS7.3AI score0.11176EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-17463

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items...

9.8CVSS7.6AI score0.90044EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-17496

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...

9.8CVSS8AI score0.99728EPSS
Exploits28References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-17562

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked...

8.1CVSS7.6AI score0.96327EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-35234

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file such as debuglog.txt that contains all...

7.5CVSS7.1AI score0.63407EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-25370

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...

7.1CVSS6.2AI score0.02831EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-25369

Samsung mobile devices using Mali GPU contains an improper access control vulnerability in seclog file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370...

7.1CVSS6.3AI score0.02831EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-1732

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.78376EPSS
Exploits21References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface...

7.2CVSS7.4AI score0.32739EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/06 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-13640

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. No 7.x versions are affected...

9.8CVSS7.7AI score0.12706EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-4006

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute...

9.1CVSS7.5AI score0.23771EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-5010

apps/a3/cfgethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action...

10CVSS6.1AI score0.66378EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2003-0050

parsexml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters...

7.5CVSS6.2AI score0.68858EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2008-3922

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function...

9.3CVSS7.7AI score0.53202EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-2288

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 ping or 2 Traceroute parameters...

7.5CVSS6.1AI score0.83453EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-4869

The callmestartcall function in recordings/misc/callmepage.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action...

7.5CVSS6.3AI score0.70252EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-0262

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...

10CVSS6.1AI score0.72851EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2005-2773

HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system...

9.8CVSS7.6AI score0.7409EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-2208

The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter...

7.5CVSS7.6AI score0.61959EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-3914

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager TSM in Rocket ServerGraph 1.2 allows remote attackers to 1 create arbitrary files via a .. dot dot in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a...

10CVSS6AI score0.72606EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-6023

Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. dot dot in the URI...

7.8CVSS5.9AI score0.10223EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2006-2237

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...

5.1CVSS6.2AI score0.58356EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2005-2848

Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. dot dot in the f parameter...

5CVSS5.9AI score0.0877EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-8223

On Wireless IP Camera P2P WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av01 or tcp/av00...

7.5CVSS7.1AI score0.04339EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-8224

Wireless IP Camera P2P WIFICAM devices have a backdoor root account that can be accessed with TELNET...

10CVSS7.3AI score0.08655EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-8221

Wireless IP Camera P2P WIFICAM devices rely on a cleartext UDP tunnel protocol aka the Cloud feature for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network...

7.5CVSS7.2AI score0.0271EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...

7.5CVSS6.1AI score0.74941EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-12989

Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection...

9.8CVSS7.4AI score0.94046EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2015-4051

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service reboot or shutdown, create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a...

9CVSS6AI score0.05734EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-7445

In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system...

10CVSS8.2AI score0.61018EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-4863

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows 1 remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or 2 remote authenticated users to execute arbitrary Lua code via a RunLua action in a...

9CVSS7.5AI score0.12184EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•1 views

VulnCheck KEV: CVE-2019-12991

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance...

9CVSS7.3AI score0.73875EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/12/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2005-2847

img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter...

7.5CVSS6.1AI score0.53375EPSS
Exploits8References1
Total number of security vulnerabilities4985