Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-74
Total 803 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5977 1 Cybozu 1 Garoon 2019-09-13 4.0 MEDIUM 4.3 MEDIUM
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
CVE-2017-18604 1 Sitebuilder Dynamic Components Project 1 Sitebuilder Dynamic Components 2019-09-11 5.0 MEDIUM 7.5 HIGH
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.
CVE-2017-18605 1 Gravitatedesign 1 Gravitate Qa Tracker 2019-09-10 7.5 HIGH 9.8 CRITICAL
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.
CVE-2014-10386 1 Wp-livechat 1 Wp Live Chat Support 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
CVE-2014-10394 1 Saschart 1 Rich Counter 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
CVE-2014-10391 1 Wpsupportplus 1 Wp Support Plus Responsive Ticket System 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
CVE-2017-18583 1 Post Pay Counter Project 1 Post Pay Counter 2019-08-26 7.5 HIGH 9.8 CRITICAL
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
CVE-2019-5404 1 Hp 1 3par Storeserv Management Console 2019-08-16 8.7 HIGH 8.8 HIGH
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2016-10801 1 Cpanel 1 Cpanel 2019-08-12 6.5 MEDIUM 8.8 HIGH
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
CVE-2018-20898 1 Cpanel 1 Cpanel 2019-08-12 4.0 MEDIUM 4.3 MEDIUM
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
CVE-2017-18387 1 Cpanel 1 Cpanel 2019-08-12 9.0 HIGH 7.2 HIGH
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
CVE-2017-18437 1 Cpanel 1 Cpanel 2019-08-09 3.6 LOW 4.4 MEDIUM
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
CVE-2019-7889 1 Magento 1 Magento 2019-08-08 4.0 MEDIUM 6.5 MEDIUM
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications.
CVE-2016-10845 1 Cpanel 1 Cpanel 2019-08-08 6.5 MEDIUM 8.1 HIGH
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
CVE-2016-10847 1 Cpanel 1 Cpanel 2019-08-08 5.5 MEDIUM 8.1 HIGH
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
CVE-2017-18389 1 Cpanel 1 Cpanel 2019-08-08 6.5 MEDIUM 6.3 MEDIUM
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
CVE-2017-18386 1 Cpanel 1 Cpanel 2019-08-06 9.0 HIGH 7.2 HIGH
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
CVE-2018-20914 1 Cpanel 1 Cpanel 2019-08-02 4.9 MEDIUM 7.3 HIGH
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
CVE-2018-20885 1 Cpanel 1 Cpanel 2019-08-01 5.0 MEDIUM 5.3 MEDIUM
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
CVE-2019-1020006 1 Inveniosoftware 1 Invenio-app 2019-08-01 5.8 MEDIUM 6.1 MEDIUM
invenio-app before 1.1.1 allows host header injection.