4985 matches found
VulnCheck KEV: CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsrserver/device/getThumbnail...
VulnCheck KEV: CVE-2018-6961
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution...
VulnCheck KEV: CVE-2018-7841
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered...
VulnCheck KEV: CVE-2017-5174
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution...
VulnCheck KEV: CVE-2019-3929
Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
VulnCheck KEV: CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server HFS or HttpFileServer allows remote attackers to execute arbitrary programs...
VulnCheck KEV: CVE-2015-2051
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface...
VulnCheck KEV: CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
VulnCheck KEV: CVE-2019-14950
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page...
VulnCheck KEV: CVE-2019-0863
Microsoft Windows Error Reporting WER contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode...
VulnCheck KEV: CVE-2019-3568
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number...
VulnCheck KEV: CVE-2019-0604
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account...
VulnCheck KEV: CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin...
VulnCheck KEV: CVE-2019-11510
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI...
VulnCheck KEV: CVE-2019-2729
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
VulnCheck KEV: CVE-2019-2725
Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services...
VulnCheck KEV: CVE-2019-3396
Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution...
VulnCheck KEV: CVE-2017-6736
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...
VulnCheck KEV: CVE-2018-0296
Cisco Adaptive Security Appliance ASA contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service DoS condition or information disclosure...
VulnCheck KEV: CVE-2017-12617
When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
VulnCheck KEV: CVE-2017-13315
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is...
VulnCheck KEV: CVE-2017-13156
An elevation of privilege vulnerability in the Android system art. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847...
VulnCheck KEV: CVE-2019-11886
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access...
VulnCheck KEV: CVE-2019-0803
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...
VulnCheck KEV: CVE-2015-1427
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands...
VulnCheck KEV: CVE-2018-19127
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...
VulnCheck KEV: CVE-2019-7139
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...
VulnCheck KEV: CVE-2019-0666
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772...
VulnCheck KEV: CVE-2019-0633
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 SMBv2 server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630...
VulnCheck KEV: CVE-2019-0630
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 SMBv2 server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633...
VulnCheck KEV: CVE-2019-0667
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772...
VulnCheck KEV: CVE-2019-0784
A remote code execution vulnerability exists in the way that the ActiveX Data objects ADO handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'...
VulnCheck KEV: CVE-2019-9978
WordPress Social Warfare plugin contains a cross-site scripting XSS vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro...
VulnCheck KEV: CVE-2017-8750
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of...
VulnCheck KEV: CVE-2019-0859
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...
VulnCheck KEV: CVE-2019-0808
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode...
VulnCheck KEV: CVE-2019-0703
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server...
VulnCheck KEV: CVE-2019-25152
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping...
VulnCheck KEV: CVE-2016-0051
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege...
VulnCheck KEV: CVE-2019-1663
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...
VulnCheck KEV: CVE-2019-7816
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution...
VulnCheck KEV: CVE-2018-20250
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution...
VulnCheck KEV: CVE-2019-5786
Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page...
VulnCheck KEV: CVE-2019-0797
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode...
VulnCheck KEV: CVE-2013-3739
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. dot dot in the mapname parameter in a showconfig action...
VulnCheck KEV: CVE-2012-0791
Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 composeCache, 2 rtemode, or 3 filename parameters to the compose page; 4 formname...
VulnCheck KEV: CVE-2018-10225
thinkphp 3.1.3 has SQL Injection via the index.php s parameter...
VulnCheck KEV: CVE-2018-11510
The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecatejs.cgi file by embedding OS commands in the 'script' parameter...
VulnCheck KEV: CVE-2022-45045
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...
VulnCheck KEV: CVE-2018-8406
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory...