Total: 1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41533 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-14 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41534 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-14 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2019-8992 | 1 Tibco | 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more | 2022-10-14 | 6.5 MEDIUM | 8.8 HIGH |
| The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. | |||||
| CVE-2019-7257 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2022-10-13 | 7.5 HIGH | 10.0 CRITICAL |
| Linear eMerge E3-Series devices allow Unrestricted File Upload. | |||||
| CVE-2019-7268 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2022-10-13 | 10.0 HIGH | 10.0 CRITICAL |
| Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | |||||
| CVE-2019-7274 | 1 Optergy | 2 Enterprise, Proton | 2022-10-13 | 10.0 HIGH | 9.8 CRITICAL |
| Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. | |||||
| CVE-2022-40777 | 1 Interspire | 1 Email Marketer | 2022-10-13 | N/A | 8.8 HIGH |
| Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. | |||||
| CVE-2022-41406 | 1 Church Management System Project | 1 Church Management System | 2022-10-13 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2022-10-13 | N/A | 7.2 HIGH |
| DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | |||||
| CVE-2022-3458 | 1 Human Resource Management System Project | 1 Human Resource Management System | 2022-10-12 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. | |||||
| CVE-2022-41387 | 1 Democritus | 1 D8s-pdfs | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-42044 | 1 Democritus | 1 D8s-asns | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
| CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42041 | 1 Democritus | 1 D8s-file-system | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | |||||
| CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42042 | 1 Democritus | 1 D8s-networking | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | |||||
| CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
| CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2022-10-12 | N/A | 9.8 CRITICAL |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
