Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2267 | 1 Fudforum | 1 Fudforum | 2020-01-29 | 9.0 HIGH | 7.2 HIGH |
| PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. | |||||
| CVE-2020-6836 | 1 Hot-formula-parser Project | 1 Hot-formula-parser | 2020-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server. | |||||
| CVE-2018-18249 | 1 Icinga | 1 Icinga Web 2 | 2020-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet. | |||||
| CVE-2019-20343 | 1 Mojohaus | 1 Exec Maven | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an executable element (and can also specify arbitrary command-line arguments in an arguments element). | |||||
| CVE-2017-7324 | 1 Modx | 1 Modx Revolution | 2020-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | |||||
| CVE-2017-7321 | 1 Modx | 1 Modx Revolution | 2020-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | |||||
| CVE-2019-7486 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2019-12-31 | 6.5 MEDIUM | 8.8 HIGH |
| Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. | |||||
| CVE-2005-0709 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 4.6 MEDIUM | N/A |
| MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | |||||
| CVE-2019-3665 | 1 Mcafee | 1 Webadvisor | 2019-12-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site. | |||||
| CVE-2014-7235 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2019-12-10 | 10.0 HIGH | N/A |
| htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014. | |||||
| CVE-2012-4869 | 1 Sangoma | 1 Freepbx | 2019-12-10 | 7.5 HIGH | N/A |
| The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. | |||||
| CVE-2013-1666 | 1 Foswiki | 1 Foswiki | 2019-11-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | |||||
| CVE-2019-17613 | 1 Qibosoft | 1 Qibosoft | 2019-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter. | |||||
| CVE-2019-3652 | 2 Mcafee, Microsoft | 2 Endpoint Security, Windows | 2019-10-15 | 4.6 MEDIUM | 5.3 MEDIUM |
| Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. | |||||
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 6.5 MEDIUM | 8.8 HIGH |
| getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | |||||
| CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2019-10-09 | 9.0 HIGH | 9.8 CRITICAL |
| In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
| CVE-2019-10431 | 1 Jenkins | 1 Script Security | 2019-10-09 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
| CVE-2018-6488 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. | |||||
| CVE-2018-6498 | 1 Microfocus | 5 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 2 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | |||||
| CVE-2018-6499 | 1 Microfocus | 9 Autopass License Server, Data Center Automation, Hybrid Cloud Management and 6 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | |||||