4985 matches found
VulnCheck KEV: CVE-2021-1647
Microsoft Defender contains an unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands...
VulnCheck KEV: CVE-2001-0507
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability...
VulnCheck KEV: CVE-2017-1000486
Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...
VulnCheck KEV: CVE-2019-11581
Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution...
VulnCheck KEV: CVE-2012-3152
Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems...
VulnCheck KEV: CVE-2021-25395
Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised...
VulnCheck KEV: CVE-2021-25394
Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised...
VulnCheck KEV: CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server...
VulnCheck KEV: CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...
VulnCheck KEV: CVE-2021-25371
Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP...
VulnCheck KEV: CVE-2021-25372
Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access...
VulnCheck KEV: CVE-2020-36719
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lpccaddonsactions function. This makes it possible for unauthenticated...
VulnCheck KEV: CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content...
VulnCheck KEV: CVE-2020-8816
Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...
VulnCheck KEV: CVE-2010-3313
phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary...
VulnCheck KEV: CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...
VulnCheck KEV: CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...
VulnCheck KEV: CVE-2020-17463
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items...
VulnCheck KEV: CVE-2020-17496
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...
VulnCheck KEV: CVE-2017-17562
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked...
VulnCheck KEV: CVE-2020-35234
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file such as debuglog.txt that contains all...
VulnCheck KEV: CVE-2021-25370
Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...
VulnCheck KEV: CVE-2021-25369
Samsung mobile devices using Mali GPU contains an improper access control vulnerability in seclog file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370...
VulnCheck KEV: CVE-2021-1732
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface...
VulnCheck KEV: CVE-2020-13640
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. No 7.x versions are affected...
VulnCheck KEV: CVE-2020-4006
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute...
VulnCheck KEV: CVE-2011-5010
apps/a3/cfgethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action...
VulnCheck KEV: CVE-2003-0050
parsexml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters...
VulnCheck KEV: CVE-2008-3922
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function...
VulnCheck KEV: CVE-2009-2288
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 ping or 2 Traceroute parameters...
VulnCheck KEV: CVE-2012-4869
The callmestartcall function in recordings/misc/callmepage.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action...
VulnCheck KEV: CVE-2012-0262
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...
VulnCheck KEV: CVE-2005-2773
HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system...
VulnCheck KEV: CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter...
VulnCheck KEV: CVE-2014-3914
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager TSM in Rocket ServerGraph 1.2 allows remote attackers to 1 create arbitrary files via a .. dot dot in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a...
VulnCheck KEV: CVE-2013-6023
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. dot dot in the URI...
VulnCheck KEV: CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
VulnCheck KEV: CVE-2005-2848
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. dot dot in the f parameter...
VulnCheck KEV: CVE-2017-8223
On Wireless IP Camera P2P WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av01 or tcp/av00...
VulnCheck KEV: CVE-2017-8224
Wireless IP Camera P2P WIFICAM devices have a backdoor root account that can be accessed with TELNET...
VulnCheck KEV: CVE-2017-8221
Wireless IP Camera P2P WIFICAM devices rely on a cleartext UDP tunnel protocol aka the Cloud feature for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network...
VulnCheck KEV: CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
VulnCheck KEV: CVE-2019-12989
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection...
VulnCheck KEV: CVE-2015-4051
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service reboot or shutdown, create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a...
VulnCheck KEV: CVE-2018-7445
In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system...
VulnCheck KEV: CVE-2013-4863
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows 1 remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or 2 remote authenticated users to execute arbitrary Lua code via a RunLua action in a...
VulnCheck KEV: CVE-2019-12991
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance...
VulnCheck KEV: CVE-2005-2847
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter...