Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2018/01/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2012-2335

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with...

7.5CVSS7.6AI score0.32542EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2018/01/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2012-2336

sapi/cgi/cgimain.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to cause a denial of service resource consumption by placing...

5CVSS7.3AI score0.50723EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2018/01/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-8872

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory...

9.3CVSS7.2AI score0.02306EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2018/01/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-0802

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798...

9.3CVSS7.8AI score0.95121EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2017/12/28 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-14321

Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...

5.4CVSS6.1AI score0.00603EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2017/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-17215

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code...

8.8CVSS8.1AI score0.7861EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2017/12/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-7494

Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it...

10CVSS7.7AI score0.99448EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
added 2017/12/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-12149

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data...

9.8CVSS7.8AI score0.90713EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2017/12/01 12:0 a.m.9 views

VulnCheck KEV: CVE-2017-8570

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory...

9.3CVSS7.8AI score0.89889EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2017/11/27 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-11882

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user...

9.3CVSS7.8AI score0.99945EPSS
Exploits33References1
VulnCheck KEV
VulnCheck KEV
added 2017/11/24 12:0 a.m.2 views

VulnCheck KEV: CVE-2016-10401

ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known or a non-root default account exists within an ISP's deployment of these devices...

9CVSS7.5AI score0.12439EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2017/11/16 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-8487

Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."...

9.3CVSS7.3AI score0.62532EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2017/11/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-16651

Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default...

7.8CVSS7AI score0.42831EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2017/11/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2013-0808

Hangul Word Processor contains a buffer overflow vulnerability that can be exploited by an embedded EPS object contained in a malicious HWP document...

6.1AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/11/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-12847

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild...

9.8CVSS7.6AI score0.28986EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/31 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-18580

The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode...

9.8CVSS7.8AI score0.12092EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/23 12:0 a.m.8 views

VulnCheck KEV: CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

9.8CVSS7.4AI score0.02482EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-34043

A remote command injection vulnerability exists in Vacron Network Video Recorder NVR devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying operating system via crafted HTTP...

10CVSS6AI score0.09001EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

9.8CVSS7.7AI score0.86289EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/19 12:0 a.m.9 views

VulnCheck KEV: CVE-2017-8225

On Wireless IP Camera P2P WIFICAM devices, access to .ini files containing credentials is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI...

9.8CVSS7.4AI score0.18005EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-7836

SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program...

10CVSS8AI score0.1938EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-11292

Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution...

8.8CVSS7.6AI score0.12104EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-20208

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 exclusive via deserialization of untrusted input from the isexpiredbydate function. This makes it...

9.8CVSS5.8AI score0.00644EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/10/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/09/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-11826

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user...

9.3CVSS7.6AI score0.81627EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2017/09/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-20201

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API...

9.3CVSS6AI score0.00494EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/09/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2016-10176

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server uhttpd and processed accordingly. The web server also contains another URL, applynoauth.cgi,...

9.8CVSS7.3AI score0.77426EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2017/09/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-8759

Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system...

9.3CVSS7.8AI score0.88698EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
added 2017/08/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-0037

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution...

8.1CVSS7.2AI score0.80386EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2017/08/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-0059

Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site...

4.3CVSS6.7AI score0.61968EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
added 2017/08/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-20203

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

9.3CVSS5.8AI score0.00622EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/08/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-12637

SAP NetWeaver Application Server AS Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. dot dot in the query string...

7.5CVSS7.5AI score0.94557EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2017/08/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-20202

Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...

9.3CVSS5.9AI score0.00499EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-6922

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not...

6.5CVSS6.7AI score0.01947EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2002-1689

Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow...

10CVSS6.2AI score0.02099EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2001-0550

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "" argument to commands such as CWD, which is not properly handled by the glob function ftpglob...

7.5CVSS6.1AI score0.74762EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2001-0690

Format string vulnerability in exim 3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers...

7.5CVSS6.2AI score0.11891EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2009-2526

Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service infinite loop and system hang via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."...

7.8CVSS5.8AI score0.81891EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-5613

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file...

7.8CVSS7.5AI score0.0256EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...

7.5CVSS6.1AI score0.72096EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2009-0099

The Electronic Messaging System Microsoft Data Base EMSMDB32 provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service application outage via a malformed MAPI command, aka "Literal...

5CVSS5.8AI score0.26239EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2003-0109

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0...

7.5CVSS6.1AI score0.86396EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2007-1675

Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server nimap.exe in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username...

10CVSS5.9AI score0.6122EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.2 views

VulnCheck KEV: CVE-1999-0192

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable...

10CVSS5.9AI score0.10041EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2017-3622

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Common Desktop Environment CDE. The supported version that is affected is 10. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes...

7.8CVSS7.1AI score0.05382EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2004-0116

An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service memory consumption via an activation request with a large length field...

5CVSS5.8AI score0.36583EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2009-3103

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service system crash via an & ampersand character in a...

10CVSS7.7AI score0.90121EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2009-2532

Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka...

10CVSS6.2AI score0.62171EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin...

10CVSS6.2AI score0.88836EPSS
Exploits27References1
Total number of security vulnerabilities4985