Total: 803 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4558 | 1 Tiki | 1 Tiki | 2020-01-30 | 6.0 MEDIUM | 7.2 HIGH |
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | |||||
CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | |||||
CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2020-01-29 | 6.5 MEDIUM | 8.8 HIGH |
Local file inclusion in WebCalendar before 1.2.5. | |||||
CVE-2017-5630 | 1 Php | 1 Pear | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. | |||||
CVE-2012-0070 | 1 Spamdyke | 1 Spamdyke | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
spamdyke prior to 4.2.1: STARTTLS reveals plaintext | |||||
CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2020-01-22 | 6.5 MEDIUM | 7.2 HIGH |
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | |||||
CVE-2013-7380 | 1 Ep Imageconvert Project | 1 Ep Imageconvert | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | |||||
CVE-2014-5287 | 1 Kemptechnologies | 1 Loadmaster | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). | |||||
CVE-2017-17521 | 1 Fontforge | 1 Fontforge | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. | |||||
CVE-2013-7070 | 1 Fibranet | 1 Monitorix | 2020-01-09 | 10.0 HIGH | 9.8 CRITICAL |
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | |||||
CVE-2019-6034 | 1 Appleple | 1 A-blog Cms | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. | |||||
CVE-2013-4318 | 1 Feature Project | 1 Feature | 2020-01-02 | 3.5 LOW | 5.4 MEDIUM |
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory. | |||||
CVE-2019-8792 | 2 Apple, Google | 3 Iphone Os, Shazam, Android | 2019-12-23 | 6.8 MEDIUM | 8.8 HIGH |
An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. | |||||
CVE-2011-2717 | 2 Linux, Redhat | 2 Dhcp6c, Enterprise Linux | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | |||||
CVE-2013-2095 | 1 Openshift-origin-controller Project | 1 Openshift-origin-controller | 2019-12-17 | 7.5 HIGH | 9.8 CRITICAL |
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command injection | |||||
CVE-2019-16771 | 1 Linecorp | 1 Armeria | 2019-12-16 | 5.0 MEDIUM | 6.5 MEDIUM |
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. | |||||
CVE-2017-1000052 | 1 Plug Project | 1 Plug | 2019-12-13 | 4.6 MEDIUM | 7.8 HIGH |
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. | |||||
CVE-2011-3624 | 1 Ruby-lang | 1 Ruby | 2019-12-11 | 5.0 MEDIUM | 5.3 MEDIUM |
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | |||||
CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2019-12-05 | 6.8 MEDIUM | 9.8 CRITICAL |
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | |||||
CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2019-11-27 | 7.5 HIGH | 9.8 CRITICAL |
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data |