Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3186 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. | |||||
| CVE-2006-4111 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 7.5 HIGH | N/A |
| Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. | |||||
| CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.3 LOW | 3.9 LOW |
| cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | |||||
| CVE-2018-11781 | 4 Apache, Canonical, Debian and 1 more | 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more | 2019-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | |||||
| CVE-2018-11780 | 4 Apache, Canonical, Debian and 1 more | 4 Spamassassin, Ubuntu Linux, Debian Linux and 1 more | 2019-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | |||||
| CVE-2019-11201 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2019-08-05 | 8.5 HIGH | 8.0 HIGH |
| Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server. | |||||
| CVE-2019-13956 | 1 Codersclub | 1 Discuz\!ml | 2019-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used). | |||||
| CVE-2014-3829 | 1 Merethis | 2 Centreon, Centreon Enterprise Server | 2019-07-30 | 10.0 HIGH | N/A |
| displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable. | |||||
| CVE-2015-0279 | 1 Redhat | 1 Richfaces | 2019-07-23 | 6.8 MEDIUM | N/A |
| JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter. | |||||
| CVE-2013-2751 | 1 Netgear | 1 Raidiator | 2019-07-18 | 10.0 HIGH | N/A |
| Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | |||||
| CVE-2014-8770 | 1 Magmi Project | 1 Magmi | 2019-07-16 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/. | |||||
| CVE-2014-7205 | 1 Bassmaster Project | 1 Bassmaster | 2019-07-16 | 10.0 HIGH | N/A |
| Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors. | |||||
| CVE-2013-4957 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 6.8 MEDIUM | N/A |
| The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type. | |||||
| CVE-2019-13354 | 1 Strong Password Project | 1 Strong Password | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6. | |||||
| CVE-2019-1577 | 1 Paloaltonetworks | 1 Traps | 2019-07-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-17170 | 1 Teamwire | 1 Teamwire | 2019-07-05 | 6.8 MEDIUM | 8.1 HIGH |
| Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected. | |||||
| CVE-2016-7954 | 1 Bundler | 1 Bundler | 2019-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. | |||||
| CVE-2015-5243 | 1 Phpwhois Project | 1 Phpwhois | 2019-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| phpWhois allows remote attackers to execute arbitrary code via a crafted whois record. | |||||
| CVE-2018-18258 | 1 Bagesoft | 1 Bagecms | 2019-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI. | |||||
| CVE-2019-0091 | 1 Intel | 2 Converged Security And Management Engine, Trusted Execution Technology | 2019-06-19 | 7.2 HIGH | 7.8 HIGH |
| Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. | |||||