4985 matches found
VulnCheck KEV: CVE-2017-15718
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...
VulnCheck KEV: CVE-2019-0193
The optional Apache Solr module DataImportHandler contains a code injection vulnerability...
VulnCheck KEV: CVE-2020-7047
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...
VulnCheck KEV: CVE-2020-0610
A remote code execution vulnerability exists in Windows Remote Desktop Gateway RD Gateway when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway RD Gateway Remote Code Execution Vulnerability'. This...
VulnCheck KEV: CVE-2020-0601
Microsoft Windows CryptoAPI Crypt32.dll contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was...
VulnCheck KEV: CVE-2020-0611
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'...
VulnCheck KEV: CVE-2020-0609
A remote code execution vulnerability exists in Windows Remote Desktop Gateway RD Gateway when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway RD Gateway Remote Code Execution Vulnerability'. This...
VulnCheck KEV: CVE-2016-1555
Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution...
VulnCheck KEV: CVE-2020-6166
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes...
VulnCheck KEV: CVE-2017-6077
NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2018-9285
MainAnalysisContent.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.38410007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before...
VulnCheck KEV: CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands...
VulnCheck KEV: CVE-2017-6884
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the pingip parameter to the...
VulnCheck KEV: CVE-2013-3568
Cross-site request forgery CSRF vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors...
VulnCheck KEV: CVE-2016-5679
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
VulnCheck KEV: CVE-2019-17026
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements...
VulnCheck KEV: CVE-2019-6340
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...
VulnCheck KEV: CVE-2019-10149
Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution...
VulnCheck KEV: CVE-2019-0903
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system...
VulnCheck KEV: CVE-2014-0498
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows...
VulnCheck KEV: CVE-2017-17733
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request...
VulnCheck KEV: CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
VulnCheck KEV: CVE-2019-11043
In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution...
VulnCheck KEV: CVE-2019-19915
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users with subscriber or greater access to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=epsredirectsave and /admin-ajax.php?action=epsredirectdelete actions...
VulnCheck KEV: CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...
VulnCheck KEV: CVE-2019-15107
An issue was discovered in Webmin. The parameter old in passwordchange.cgi contains a command injection vulnerability...
VulnCheck KEV: CVE-2019-14927
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file which contains data such as usernames,...
VulnCheck KEV: CVE-2016-0752
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files...
VulnCheck KEV: CVE-2017-16602
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
VulnCheck KEV: CVE-2019-17270
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...
VulnCheck KEV: CVE-2017-14127
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OIFwv7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mntping.cgi...
VulnCheck KEV: CVE-2019-16072
An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...
VulnCheck KEV: CVE-2006-4000
Directory traversal vulnerability in cgi-bin/previewemail.cgi in Barracuda Spam Firewall BSF 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter...
VulnCheck KEV: CVE-2019-14931
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to...
VulnCheck KEV: CVE-2013-5912
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...
VulnCheck KEV: CVE-2019-18396
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OIFwV20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mntping.cgi. NOTE: This...
VulnCheck KEV: CVE-2017-6316
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability...
VulnCheck KEV: CVE-2019-1458
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP...
VulnCheck KEV: CVE-2019-19985
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure...
VulnCheck KEV: CVE-2019-1429
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...
VulnCheck KEV: CVE-2019-13720
Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...
VulnCheck KEV: CVE-2019-18187
Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution...
VulnCheck KEV: CVE-2019-16759
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
VulnCheck KEV: CVE-2014-0810
Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document...
VulnCheck KEV: CVE-2019-1579
Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled...
VulnCheck KEV: CVE-2019-11539
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands...
VulnCheck KEV: CVE-2018-13379
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...
VulnCheck KEV: CVE-2018-13382
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password...
VulnCheck KEV: CVE-2018-13383
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users...
VulnCheck KEV: CVE-2019-17049
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account...