4985 matches found
VulnCheck KEV: CVE-2018-8405
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory...
VulnCheck KEV: CVE-2019-25296
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload...
VulnCheck KEV: CVE-2019-0676
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...
VulnCheck KEV: CVE-2019-6223
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction...
VulnCheck KEV: CVE-2017-18362
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database...
VulnCheck KEV: CVE-2019-7286
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation...
VulnCheck KEV: CVE-2019-7287
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution...
VulnCheck KEV: CVE-2019-11695
A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger...
VulnCheck KEV: CVE-2019-9806
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service DOS attack. This vulnerability affects Firefox 66...
VulnCheck KEV: CVE-2017-0938
Denial of Service attack in airMAX 8.3.2 , airMAX 6.0.7 and EdgeMAX 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks...
VulnCheck KEV: CVE-2019-9082
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
VulnCheck KEV: CVE-2018-2894
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
VulnCheck KEV: CVE-2017-12615
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
VulnCheck KEV: CVE-2018-1273
Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...
VulnCheck KEV: CVE-2015-4464
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server...
VulnCheck KEV: CVE-2017-0213
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application...
VulnCheck KEV: CVE-2017-11774
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands...
VulnCheck KEV: CVE-2018-7522
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states...
VulnCheck KEV: CVE-2018-8653
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution...
VulnCheck KEV: CVE-2018-11776
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or...
VulnCheck KEV: CVE-2017-12824
Special crafted InPage document leads to arbitrary code execution in InPage reader...
VulnCheck KEV: CVE-2018-0798
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802...
VulnCheck KEV: CVE-2018-15982
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability...
VulnCheck KEV: CVE-2018-20838
ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...
VulnCheck KEV: CVE-2017-11869
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current...
VulnCheck KEV: CVE-2018-19207
The Van Ons WP GDPR Compliance aka wp-gdpr-compliance plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb-prepare input is mishandled, as exploited in the wild in November 2018...
VulnCheck KEV: CVE-2018-18956
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service segfault and daemon crash via crafted input to the SMTP parser, as exploited in the wild in November 2018...
VulnCheck KEV: CVE-2018-15454
A vulnerability in the Session Initiation Protocol SIP inspection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting...
VulnCheck KEV: CVE-2018-8611
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory...
VulnCheck KEV: CVE-2018-9866
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System GMS virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier...
VulnCheck KEV: CVE-2018-8589
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system...
VulnCheck KEV: CVE-2018-1000207
MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability...
VulnCheck KEV: CVE-2018-25117
VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS...
VulnCheck KEV: CVE-2016-3088
The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
VulnCheck KEV: CVE-2018-8440
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC...
VulnCheck KEV: CVE-2017-3066
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution...
VulnCheck KEV: CVE-2018-8453
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges...
VulnCheck KEV: CVE-2018-11687
An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red BTCR, an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address array, as exploited in the wild in May 2018, aka the...
VulnCheck KEV: CVE-2018-8414
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths...
VulnCheck KEV: CVE-2025-34051
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...
VulnCheck KEV: CVE-2018-2893
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...
VulnCheck KEV: CVE-2018-7602
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site...
VulnCheck KEV: CVE-2017-5521
Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server...
VulnCheck KEV: CVE-2014-9583
common.c in infosvr in ASUS WRT firmware 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via...
VulnCheck KEV: CVE-2013-0230
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method...
VulnCheck KEV: CVE-2012-5959
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN aka uuid field...
VulnCheck KEV: CVE-2013-0229
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service service crash via a crafted request that triggers a buffer over-read...
VulnCheck KEV: CVE-2015-7261
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21...
VulnCheck KEV: CVE-2017-8877
ASUS RT-AC and RT-N devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID...
VulnCheck KEV: CVE-2017-6549
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware...