Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4397 | 1 Hp | 1 Network Node Manager I | 2018-10-05 | 4.6 MEDIUM | 7.8 HIGH |
| A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | |||||
| CVE-2008-2383 | 1 Invisible-island | 1 Xterm | 2018-10-03 | 9.3 HIGH | N/A |
| CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. | |||||
| CVE-2018-1999022 | 2 Civicrm, Html Quickform Project | 2 Civicrm, Html Quickform | 2018-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15. | |||||
| CVE-2018-14910 | 1 Seacms | 1 Seacms | 2018-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF. | |||||
| CVE-2018-16771 | 1 Hoosk | 1 Hoosk | 2018-09-24 | 7.5 HIGH | 9.8 CRITICAL |
| Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | |||||
| CVE-2018-14579 | 1 Golemcms Project | 1 Golemcms | 2018-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for install/install.sql. | |||||
| CVE-2018-1999023 | 1 Wesnoth | 1 The Battle For Wesnoth | 2018-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content. | |||||
| CVE-2014-2302 | 1 Webedition | 1 Webedition Cms | 2018-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. | |||||
| CVE-2018-14399 | 1 Phpcms Project | 1 Phpcms | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. | |||||
| CVE-2018-14421 | 1 Seacms | 1 Seacms | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | |||||
| CVE-2018-5779 | 1 Mitel | 2 Connect Onsite, St14.2 | 2018-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2018-5781 | 1 Mitel | 2 Connect Onsite, St14.2 | 2018-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | |||||
| CVE-2018-5780 | 1 Mitel | 2 Connect Onsite, St14.2 | 2018-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | |||||
| CVE-2018-8345 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-09-07 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. | |||||
| CVE-2018-8344 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-09-07 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-2427 | 1 Sap | 2 Businessobjects Business Intelligence, Crystal Reports | 2018-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | |||||
| CVE-2018-11587 | 1 Centreon | 2 Centreon, Centreon Web | 2018-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | |||||
| CVE-2018-3608 | 2 Microsoft, Trendmicro | 7 Windows, Antivirus \+ Security, Internet Security and 4 more | 2018-08-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | |||||
| CVE-2018-12995 | 1 Onefilecms | 1 Onefilecms | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | |||||
| CVE-2018-12994 | 1 Onefilecms | 1 Onefilecms | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | |||||