CVE,CVSS Score,EPSS,Description,Published,Source
CVE-1999-0103,0.0,0.87549,"Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.",1996-02-08 05:00:00.000,Metasploit
CVE-1999-0170,0.0,0.00727,"Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.",1997-01-01 05:00:00.000,Metasploit
CVE-1999-0191,0.0,0.96782,IIS newdsn.exe CGI script allows remote users to overwrite files.,1997-09-01 04:00:00.000,EPSS
CVE-1999-0209,0.0,0.55777,The SunView (SunTools) selection_svc facility allows remote users to read files.,1990-08-14 04:00:00.000,Metasploit
CVE-1999-0256,0.0,0.96207,Buffer overflow in War FTP allows remote execution of commands.,1998-02-01 05:00:00.000,EPSS
CVE-1999-0526,0.0,0.80735,"An X server's access control is disabled (e.g. through an ""xhost +"" command) and allows anyone to connect to the server.",1997-07-01 04:00:00.000,Metasploit
CVE-1999-0531,0.0,0.03276,"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  Notes: the former description is: ""An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO.",1999-01-01 05:00:00.000,Metasploit
CVE-1999-0532,0.0,0.97542,A DNS server allows zone transfers.,1997-07-01 04:00:00.000,EPSS/Metasploit
CVE-1999-0554,0.0,0.015,"NFS exports system-critical data to the world, e.g. / or a password file.",1999-01-01 05:00:00.000,Metasploit
CVE-1999-0612,0.0,0.96044,A version of finger is running that exposes valid user information to any entity on the network.,1997-03-01 05:00:00.000,EPSS
CVE-1999-0667,0.0,0.0069,The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service.,1997-09-19 04:00:00.000,Metasploit
CVE-1999-0874,0.0,0.90742,"Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.",1999-06-16 04:00:00.000,Metasploit
CVE-1999-1011,0.0,0.68331,"The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.",1999-07-19 04:00:00.000,Metasploit
CVE-1999-1053,0.0,0.94363,"guestbook.pl cleanses user-inserted SSI commands by removing text between ""<!--"" and ""-->"" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides ""-->"".",1999-09-13 04:00:00.000,Metasploit
CVE-1999-1105,0.0,0.96655,"Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.",1999-12-31 05:00:00.000,EPSS
CVE-1999-1510,0.0,0.94463,"Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands.",1999-05-17 04:00:00.000,Metasploit
CVE-2000-0098,0.0,0.96377,Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.,2000-01-26 05:00:00.000,EPSS
CVE-2000-0114,0.0,0.15958,Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.,2000-02-02 05:00:00.000,Nuclei
CVE-2000-0126,0.0,0.95606,Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.,2000-01-26 05:00:00.000,EPSS
CVE-2000-0246,0.0,0.95864,"IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the ""Virtualized UNC Share"" vulnerability.",2000-03-30 05:00:00.000,EPSS
CVE-2000-0248,0.0,0.0133,The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.,2000-04-24 04:00:00.000,Metasploit
CVE-2000-0284,0.0,0.92336,Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.,2000-04-16 04:00:00.000,Metasploit
CVE-2000-0302,0.0,0.96678,Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.,2000-03-31 05:00:00.000,EPSS
CVE-2000-0322,0.0,0.23672,The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.,2000-04-24 04:00:00.000,Metasploit
CVE-2000-0380,0.0,0.95969,The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.,2000-04-26 04:00:00.000,EPSS/Metasploit
CVE-2000-0573,0.0,0.96953,"The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.",2000-07-07 04:00:00.000,EPSS/Metasploit
CVE-2000-0649,0.0,0.0036,IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.,2000-07-13 04:00:00.000,Metasploit
CVE-2000-0665,0.0,0.24928,GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.,2000-07-17 04:00:00.000,Metasploit
CVE-2000-0709,0.0,0.96423,The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.,2000-10-20 04:00:00.000,EPSS
CVE-2000-0710,0.0,0.96506,The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.,2000-10-20 04:00:00.000,EPSS
CVE-2000-0778,0.0,0.96737,"IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a ""Translate: f"" header, aka the ""Specialized Header"" vulnerability.",2000-10-20 04:00:00.000,EPSS
CVE-2000-0886,0.0,0.95962,"IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the ""Web Server File Request Parsing"" vulnerability.",2000-12-19 05:00:00.000,EPSS
CVE-2000-0917,0.0,0.95709,Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.,2000-12-19 05:00:00.000,EPSS/Metasploit
CVE-2000-0942,0.0,0.95023,"The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the ""Indexing Services Cross Site Scripting"" vulnerability.",2000-12-19 05:00:00.000,EPSS
CVE-2000-0945,0.0,0.96497,"The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.",2000-12-19 05:00:00.000,EPSS/Metasploit
CVE-2000-1089,0.0,0.96966,"Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the ""Phone Book Service Buffer Overflow"" vulnerability.",2001-01-09 05:00:00.000,EPSS/Metasploit
CVE-2000-1209,0.0,0.95732,"The ""sa"" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.",2002-08-12 04:00:00.000,EPSS
CVE-2001-0152,0.0,0.00078,"The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.",2001-05-03 04:00:00.000,Metasploit
CVE-2001-0167,0.0,0.09507,Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.,2001-05-03 04:00:00.000,Metasploit
CVE-2001-0168,0.0,0.21185,Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.,2001-05-03 04:00:00.000,Metasploit
CVE-2001-0241,0.0,0.95418,Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.,2001-06-27 04:00:00.000,EPSS/Metasploit
CVE-2001-0311,0.0,0.00101,Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.,2001-06-02 04:00:00.000,Metasploit
CVE-2001-0333,0.0,0.04956,"Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and ""\"" characters twice.",2001-06-27 04:00:00.000,Metasploit
CVE-2001-0414,0.0,0.96763,Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.,2001-06-18 04:00:00.000,EPSS/Metasploit
CVE-2001-0499,0.0,0.07145,"Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.",2001-07-21 04:00:00.000,Metasploit
CVE-2001-0500,0.0,0.96728,"Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.",2001-07-21 04:00:00.000,EPSS/Metasploit
CVE-2001-0537,0.0,0.87683,"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.",2001-07-21 04:00:00.000,Metasploit/Nuclei
CVE-2001-0550,0.0,0.96051,"wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a ""~{"" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).",2001-11-30 05:00:00.000,EPSS
CVE-2001-0727,0.0,0.96334,"Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the ""File Execution Vulnerability.""",2001-12-14 05:00:00.000,EPSS
CVE-2001-0731,0.0,0.96516,"Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the ""M=D"" query string.",2001-10-01 04:00:00.000,EPSS
CVE-2001-0797,0.0,0.97214,Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.,2001-12-12 05:00:00.000,EPSS
CVE-2001-0800,0.0,0.96516,lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.,2001-12-06 05:00:00.000,EPSS/Metasploit
CVE-2001-0803,0.0,0.25932,Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.,2001-12-06 05:00:00.000,Metasploit
CVE-2001-0876,0.0,0.9684,"Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.",2001-12-20 05:00:00.000,EPSS
CVE-2001-0877,0.0,0.97232,"Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.",2001-12-20 05:00:00.000,EPSS
CVE-2001-0986,0.0,0.95775,"SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.",2001-09-14 04:00:00.000,EPSS
CVE-2001-1013,0.0,0.03631,"Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.",2001-09-12 04:00:00.000,Metasploit
CVE-2001-1320,0.0,0.43713,"Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.",2001-07-16 04:00:00.000,Metasploit
CVE-2001-1473,0.0,0.00258,"The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.",2001-01-18 05:00:00.000,Nuclei
CVE-2001-1583,0.0,0.22066,lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.,2001-12-31 05:00:00.000,Metasploit
CVE-2002-0055,0.0,0.96316,"SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.",2002-03-08 05:00:00.000,EPSS
CVE-2002-0073,0.0,0.96621,"The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.",2002-04-22 04:00:00.000,EPSS
CVE-2002-0079,0.0,0.96475,Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.,2002-04-22 04:00:00.000,EPSS
CVE-2002-0367,0.0,0.00086,"smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.",2002-06-25 04:00:00.000,CISA
CVE-2002-0392,0.0,0.75283,"Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.",2002-07-03 04:00:00.000,Metasploit
CVE-2002-0421,0.0,0.97134,"IIS 4.0 allows local users to bypass the ""User cannot change password"" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.",2002-08-12 04:00:00.000,EPSS
CVE-2002-0642,0.0,0.97424,"The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka ""Incorrect Permission on SQL Server Service Account Registry Key.""",2002-07-23 04:00:00.000,EPSS
CVE-2002-0649,0.0,0.96364,"Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.",2002-08-12 04:00:00.000,EPSS/Metasploit
CVE-2002-0661,0.0,0.95962,"Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.",2002-08-12 04:00:00.000,EPSS
CVE-2002-0840,0.0,0.97141,"Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is ""Off"" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",2002-10-11 04:00:00.000,EPSS
CVE-2002-0965,0.0,0.95009,"Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.",2002-10-04 04:00:00.000,EPSS/Metasploit
CVE-2002-0976,0.0,0.95055,"Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.",2002-09-24 04:00:00.000,EPSS
CVE-2002-1059,0.0,0.10709,"Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.",2002-10-04 04:00:00.000,Metasploit
CVE-2002-1120,0.0,0.20431,Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.,2002-09-24 04:00:00.000,Metasploit
CVE-2002-1123,0.0,0.96182,"Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the ""Hello"" overflow.",2002-09-24 04:00:00.000,EPSS/Metasploit
CVE-2002-1131,0.0,0.04774,"Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.",2002-10-04 04:00:00.000,Nuclei
CVE-2002-1142,0.0,0.88314,"Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.",2002-11-29 05:00:00.000,Metasploit
CVE-2002-1214,0.0,0.96773,Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.,2002-10-28 05:00:00.000,EPSS/Metasploit
CVE-2002-1318,0.0,0.14543,Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.,2002-12-11 05:00:00.000,Metasploit
CVE-2002-1359,0.0,0.97181,"Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.",2002-12-23 05:00:00.000,EPSS/Metasploit
CVE-2002-1473,0.0,0.00079,Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.,2003-04-22 04:00:00.000,Metasploit
CVE-2002-1643,0.0,0.94547,"Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.",2002-12-19 05:00:00.000,Metasploit
CVE-2002-1751,0.0,0.95349,"csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.",2002-12-31 05:00:00.000,EPSS
CVE-2002-1864,0.0,0.45813,"Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a "".."" (dot dot) in an HTTP request.",2002-12-31 05:00:00.000,Metasploit
CVE-2002-2226,0.0,0.50006,Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.,2002-12-31 05:00:00.000,Metasploit
CVE-2002-2443,0.0,0.95516,"schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.",2013-05-29 14:29:06.287,EPSS
CVE-2003-0027,0.0,0.52349,Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.,2003-02-07 05:00:00.000,Metasploit
CVE-2003-0028,0.0,0.96788,"Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.",2003-03-25 05:00:00.000,EPSS
CVE-2003-0050,0.0,0.65929,parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.,2003-03-07 05:00:00.000,Metasploit
CVE-2003-0085,0.0,0.96331,"Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.",2003-03-31 05:00:00.000,EPSS
CVE-2003-0109,0.0,0.97418,"Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.",2003-03-31 05:00:00.000,EPSS/Metasploit
CVE-2003-0190,0.0,0.06451,"OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.",2003-05-12 04:00:00.000,Metasploit
CVE-2003-0201,0.0,0.9704,"Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.",2003-05-05 04:00:00.000,EPSS
CVE-2003-0213,0.0,0.34115,"ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.",2003-05-12 04:00:00.000,Metasploit
CVE-2003-0220,0.0,0.52614,Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.,2003-05-12 04:00:00.000,Metasploit
CVE-2003-0227,0.0,0.95933,"The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.",2003-06-09 04:00:00.000,EPSS
CVE-2003-0228,0.0,0.95343,Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.,2003-05-27 04:00:00.000,EPSS
CVE-2003-0245,0.0,0.96634,"Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.",2003-06-09 04:00:00.000,EPSS
CVE-2003-0264,0.0,0.2422,"Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.",2003-05-27 04:00:00.000,Metasploit
CVE-2003-0270,0.0,0.02846,"The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.",2003-06-16 04:00:00.000,Metasploit
CVE-2003-0344,0.0,0.96971,"Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.",2003-06-16 04:00:00.000,EPSS/Metasploit
CVE-2003-0349,0.0,0.96157,"Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.",2003-07-24 04:00:00.000,EPSS/Metasploit
CVE-2003-0352,0.0,0.97075,"Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.",2003-08-18 04:00:00.000,EPSS/Metasploit
CVE-2003-0471,0.0,0.3689,Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.,2003-08-07 04:00:00.000,Metasploit
CVE-2003-0533,0.0,0.97158,"Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.",2004-06-01 04:00:00.000,EPSS/Metasploit
CVE-2003-0543,0.0,0.95927,Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.,2003-11-17 05:00:00.000,EPSS
CVE-2003-0558,0.0,0.01278,Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.,2003-08-18 04:00:00.000,Metasploit
CVE-2003-0605,0.0,0.96682,"The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.",2003-08-27 04:00:00.000,EPSS
CVE-2003-0662,0.0,0.96604,Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.,2003-11-17 05:00:00.000,EPSS
CVE-2003-0694,0.0,0.05703,"The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.",2003-10-06 04:00:00.000,Metasploit
CVE-2003-0714,0.0,0.09161,"The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.",2003-11-17 05:00:00.000,Metasploit
CVE-2003-0717,0.0,0.97105,"The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.",2003-11-17 05:00:00.000,EPSS
CVE-2003-0719,0.0,0.95755,"Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.",2004-06-01 04:00:00.000,EPSS/Metasploit
CVE-2003-0722,0.0,0.97031,"The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.",2003-09-22 04:00:00.000,EPSS/Metasploit
CVE-2003-0768,0.0,0.95104,Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.,2003-09-22 04:00:00.000,EPSS
CVE-2003-0772,0.0,0.96013,Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.,2003-09-22 04:00:00.000,EPSS
CVE-2003-0812,0.0,0.96901,"Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (""NetSetup.LOG""), as demonstrated using the NetAddAlternateComputerName API.",2003-12-15 05:00:00.000,EPSS/Metasploit
CVE-2003-0818,0.0,0.97363,"Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.",2004-03-03 05:00:00.000,EPSS/Metasploit
CVE-2003-0822,0.0,0.97104,Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.,2003-12-15 05:00:00.000,EPSS/Metasploit
CVE-2003-0825,0.0,0.96665,"The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.",2004-03-03 05:00:00.000,EPSS
CVE-2003-0838,0.0,0.95041,"Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a ""data"" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).",2003-11-17 05:00:00.000,EPSS
CVE-2003-0990,0.0,0.70166,"The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the ""To:"" field.",2004-01-20 05:00:00.000,Metasploit
CVE-2003-1025,0.0,0.97356,"Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a ""%01"" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the ""Improper URL Canonicalization Vulnerability.""",2004-01-20 05:00:00.000,EPSS
CVE-2003-1141,0.0,0.83039,Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515.,2003-11-04 05:00:00.000,Metasploit
CVE-2003-1192,0.0,0.96349,Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.,2003-11-03 05:00:00.000,EPSS/Metasploit
CVE-2003-1200,0.0,0.96607,Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.,2003-12-29 05:00:00.000,EPSS/Metasploit
CVE-2003-1336,0.0,0.82838,Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.,2003-12-31 05:00:00.000,Metasploit
CVE-2004-0119,7.5,0.96423,"The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.",2004-06-01 04:00:00.000,EPSS
CVE-2004-0120,0.0,0.96671,"The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.",2004-06-01 04:00:00.000,EPSS
CVE-2004-0199,0.0,0.96056,"Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).",2004-06-14 04:00:00.000,EPSS
CVE-2004-0200,0.0,0.95702,"Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.",2004-09-28 04:00:00.000,EPSS
CVE-2004-0203,0.0,0.96201,Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.,2004-11-23 05:00:00.000,EPSS
CVE-2004-0204,0.0,0.96546,"Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via "".."" sequences in the dynamicimag argument to crystalimagehandler.aspx.",2004-08-06 04:00:00.000,EPSS
CVE-2004-0206,0.0,0.22192,"Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an ""unchecked buffer,"" possibly a buffer overflow.",2004-11-03 05:00:00.000,Metasploit
CVE-2004-0210,0.0,0.00395,"The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.",2004-08-06 04:00:00.000,CISA
CVE-2004-0214,0.0,0.96278,"Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.",2004-11-03 05:00:00.000,EPSS
CVE-2004-0297,0.0,0.9435,Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.,2004-11-23 05:00:00.000,Metasploit
CVE-2004-0313,0.0,0.32082,"Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.",2004-11-23 05:00:00.000,Metasploit
CVE-2004-0326,0.0,0.79486,Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.,2004-11-23 05:00:00.000,Metasploit
CVE-2004-0330,0.0,0.93624,Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.,2004-11-23 05:00:00.000,Metasploit
CVE-2004-0331,0.0,0.95235,Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.,2004-11-23 05:00:00.000,EPSS/Metasploit
CVE-2004-0362,0.0,0.9616,"Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.",2004-04-15 04:00:00.000,EPSS/Metasploit
CVE-2004-0363,0.0,0.94081,"Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method.",2004-04-15 04:00:00.000,Metasploit
CVE-2004-0380,0.0,0.96759,"The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the ""MHTML URL Processing Vulnerability.""",2004-05-04 04:00:00.000,EPSS
CVE-2004-0396,0.0,0.96945,"Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.",2004-06-14 04:00:00.000,EPSS
CVE-2004-0397,0.0,0.96278,Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.,2004-07-07 04:00:00.000,EPSS/Metasploit
CVE-2004-0420,0.0,0.96765,"The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.",2004-07-07 04:00:00.000,EPSS
CVE-2004-0430,0.0,0.10566,Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.,2004-07-07 04:00:00.000,Metasploit
CVE-2004-0493,0.0,0.96228,"The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.",2004-08-06 04:00:00.000,EPSS
CVE-2004-0519,0.0,0.02285,"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.",2004-08-18 04:00:00.000,Nuclei
CVE-2004-0541,0.0,0.96322,"Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password (""pass"" variable).",2004-08-06 04:00:00.000,EPSS/Metasploit
CVE-2004-0549,0.0,0.96426,"The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a ""URL:"" prepended to a ""ms-its"" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.",2004-08-06 04:00:00.000,EPSS
CVE-2004-0574,0.0,0.95503,"The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an ""unchecked buffer,"" leading to off-by-one and heap-based buffer overflows.",2004-11-03 05:00:00.000,EPSS
CVE-2004-0597,0.0,0.96415,"Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.",2004-11-23 05:00:00.000,EPSS
CVE-2004-0600,0.0,0.96401,Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.,2004-07-27 04:00:00.000,EPSS
CVE-2004-0636,0.0,0.91897,"Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.",2004-11-23 05:00:00.000,Metasploit
CVE-2004-0637,0.0,0.96515,"Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.",2004-09-02 04:00:00.000,EPSS
CVE-2004-0695,0.0,0.87713,Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.,2004-07-27 04:00:00.000,Metasploit
CVE-2004-0735,0.0,0.42987,"Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.",2004-07-27 04:00:00.000,Metasploit
CVE-2004-0763,0.0,0.95963,"Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the ""onunload"" method.",2004-08-18 04:00:00.000,EPSS
CVE-2004-0790,0.0,0.96499,"Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the ""blind connection-reset attack.""  NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability.  While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.",2005-04-12 04:00:00.000,EPSS
CVE-2004-0795,0.0,0.01949,"DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.",2004-10-20 04:00:00.000,Metasploit
CVE-2004-0798,0.0,0.93127,Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.,2004-10-20 04:00:00.000,Metasploit
CVE-2004-0841,0.0,0.96478,"Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka ""HijackClick 3"" and the ""Script in Image Tag File Download Vulnerability.""",2004-12-23 05:00:00.000,EPSS
CVE-2004-0842,0.0,0.96846,"Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from ""memory corruption"") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the ""<STYLE>@;/*"" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the ""CSS Heap Memory Corruption Vulnerability.""",2004-12-23 05:00:00.000,EPSS
CVE-2004-0844,0.0,0.95424,"Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the ""Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.""",2004-11-03 05:00:00.000,EPSS
CVE-2004-0882,0.0,0.95907,"Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small ""maximum data bytes"" value.",2005-01-27 05:00:00.000,EPSS
CVE-2004-0918,0.0,0.95915,The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.,2005-01-27 05:00:00.000,EPSS
CVE-2004-0932,0.0,0.95622,"McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.",2005-01-27 05:00:00.000,EPSS
CVE-2004-0933,0.0,0.95677,"Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.",2005-01-27 05:00:00.000,EPSS
CVE-2004-0934,0.0,0.96435,"Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.",2005-01-27 05:00:00.000,EPSS
CVE-2004-0935,0.0,0.96529,"Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.",2005-01-27 05:00:00.000,EPSS
CVE-2004-0936,0.0,0.96529,"RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.",2005-01-27 05:00:00.000,EPSS
CVE-2004-0937,0.0,0.96529,"Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.",2005-02-09 05:00:00.000,EPSS
CVE-2004-0942,0.0,0.96561,Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.,2005-02-09 05:00:00.000,EPSS
CVE-2004-0964,0.0,0.16889,"Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.",2005-02-09 05:00:00.000,Metasploit
CVE-2004-1037,0.0,0.91351,The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.,2005-03-01 05:00:00.000,Metasploit
CVE-2004-1049,0.0,0.96724,"Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the ""Cursor and Icon Format Handling Vulnerability.""",2004-12-31 05:00:00.000,EPSS
CVE-2004-1080,0.0,0.96957,"The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the ""Association Context Vulnerability.""",2005-01-10 05:00:00.000,EPSS/Metasploit
CVE-2004-1134,0.0,0.96528,Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.,2005-01-10 05:00:00.000,EPSS/Metasploit
CVE-2004-1135,0.0,0.08209,"Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.",2005-01-10 05:00:00.000,Metasploit
CVE-2004-1166,0.0,0.9675,"CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (""%0a"") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.",2004-12-31 05:00:00.000,EPSS
CVE-2004-1172,0.0,0.95026,"Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.",2005-01-10 05:00:00.000,EPSS/Metasploit
CVE-2004-1211,0.0,0.96393,"Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.",2005-01-10 05:00:00.000,EPSS/Metasploit
CVE-2004-1315,0.0,0.96267,"viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.",2004-11-12 05:00:00.000,EPSS/Metasploit
CVE-2004-1317,0.0,0.83621,"Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.",2004-12-27 05:00:00.000,Metasploit
CVE-2004-1373,0.0,0.9716,"Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.",2004-12-23 05:00:00.000,EPSS/Metasploit
CVE-2004-1376,0.0,0.95617,"Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.",2004-12-30 05:00:00.000,EPSS
CVE-2004-1388,0.0,0.66143,"Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.",2004-12-31 05:00:00.000,Metasploit
CVE-2004-1389,0.0,0.04494,"Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.",2004-12-31 05:00:00.000,Metasploit
CVE-2004-1464,0.0,0.01664,"Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.",2004-12-31 05:00:00.000,CISA
CVE-2004-1520,0.0,0.95869,Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.,2004-12-31 05:00:00.000,EPSS
CVE-2004-1550,0.0,0.01788,"Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.",2004-12-31 05:00:00.000,Metasploit
CVE-2004-1558,0.0,0.71053,Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.,2004-12-31 05:00:00.000,Metasploit
CVE-2004-1561,0.0,0.96497,Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.,2004-12-31 05:00:00.000,EPSS/Metasploit
CVE-2004-1595,0.0,0.51126,Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.,2004-10-13 04:00:00.000,Metasploit
CVE-2004-1626,0.0,0.17485,"Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.",2004-10-22 04:00:00.000,Metasploit
CVE-2004-1638,0.0,0.51126,Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.,2004-10-16 04:00:00.000,Metasploit
CVE-2004-1774,0.0,0.97288,Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.,2004-08-31 04:00:00.000,EPSS
CVE-2004-1965,0.0,0.0113,"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.",2004-04-25 04:00:00.000,Nuclei
CVE-2004-2074,0.0,0.0259,Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.,2004-12-31 05:00:00.000,Metasploit
CVE-2004-2086,0.0,0.29998,Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.,2004-02-06 05:00:00.000,Metasploit
CVE-2004-2111,0.0,0.9713,Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.,2004-12-31 05:00:00.000,EPSS/Metasploit
CVE-2004-2115,0.0,0.95876,"Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.",2004-12-31 05:00:00.000,EPSS
CVE-2004-2221,0.0,0.53743,Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.,2004-12-31 05:00:00.000,Metasploit
CVE-2004-2271,0.0,0.79783,Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.,2004-12-31 05:00:00.000,Metasploit
CVE-2004-2416,0.0,0.95758,Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.,2004-12-31 05:00:00.000,EPSS/Metasploit
CVE-2004-2466,0.0,0.17764,"chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow.  NOTE: it was later reported that 2.2 is also affected.",2004-12-31 05:00:00.000,Metasploit
CVE-2004-2687,0.0,0.94275,"distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.",2004-12-31 05:00:00.000,Metasploit
CVE-2004-2691,0.0,0.96309,Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface.  NOTE: the provenance of this information is unknown; details are obtained from third party reports.,2004-12-31 05:00:00.000,EPSS/Metasploit
CVE-2005-0043,0.0,0.18629,Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.,2005-05-02 04:00:00.000,Metasploit
CVE-2005-0045,0.0,0.96038,"The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the ""Server Message Block Vulnerability,"" and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.",2005-05-02 04:00:00.000,EPSS
CVE-2005-0059,0.0,0.96767,Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.,2005-05-02 04:00:00.000,EPSS/Metasploit
CVE-2005-0095,0.0,0.9698,The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.,2005-01-15 05:00:00.000,EPSS
CVE-2005-0116,0.0,0.97215,"AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.",2005-01-18 05:00:00.000,EPSS/Metasploit
CVE-2005-0174,0.0,0.97004,"Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.",2005-02-07 05:00:00.000,EPSS
CVE-2005-0233,0.0,0.95715,"The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.",2005-02-08 05:00:00.000,EPSS
CVE-2005-0241,0.0,0.96545,"The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling ""oversized"" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.",2005-05-02 04:00:00.000,EPSS
CVE-2005-0260,0.0,0.43671,"Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.",2005-05-02 04:00:00.000,Metasploit
CVE-2005-0277,0.0,0.21402,"Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.",2005-05-02 04:00:00.000,Metasploit
CVE-2005-0308,0.0,0.83621,Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name.,2005-01-24 05:00:00.000,Metasploit
CVE-2005-0353,0.0,0.90148,Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.,2005-05-02 04:00:00.000,Metasploit
CVE-2005-0420,0.0,0.97173,"Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.",2005-04-27 04:00:00.000,EPSS
CVE-2005-0446,0.0,0.95776,"Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.",2005-05-02 04:00:00.000,EPSS
CVE-2005-0455,0.0,0.46795,"Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.",2005-05-02 04:00:00.000,Metasploit
CVE-2005-0478,0.0,0.26049,Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script.,2005-03-30 05:00:00.000,Metasploit
CVE-2005-0511,0.0,0.89064,"misc.php for vBulletin 3.0.6 and earlier, when ""Add Template Name in HTML Comments"" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.",2005-02-21 05:00:00.000,Metasploit
CVE-2005-0554,0.0,0.95737,"Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka ""URL Parsing Memory Corruption Vulnerability.""",2005-05-02 04:00:00.000,EPSS
CVE-2005-0563,0.0,0.96617,"Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL (""jav&#X41sc&#0010;ript:"") in an IMG tag.",2005-06-14 04:00:00.000,EPSS
CVE-2005-0595,0.0,0.95807,Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.,2005-05-02 04:00:00.000,EPSS/Metasploit
CVE-2005-0684,0.0,0.92302,"Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent (""%"") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.",2005-04-25 04:00:00.000,Metasploit
CVE-2005-0701,0.0,0.95356,"Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via ""\\.\\..""  (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.",2005-03-07 05:00:00.000,EPSS
CVE-2005-0709,0.0,0.9675,"MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.",2005-05-02 04:00:00.000,EPSS
CVE-2005-0710,0.0,0.96937,"MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.",2005-05-02 04:00:00.000,EPSS
CVE-2005-0768,0.0,0.19575,"Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.",2005-05-02 04:00:00.000,Metasploit
CVE-2005-0771,0.0,0.96828,VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.,2005-06-23 04:00:00.000,EPSS/Metasploit
CVE-2005-0773,0.0,0.96643,"Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.",2005-06-18 04:00:00.000,EPSS/Metasploit
CVE-2005-1009,0.0,0.97318,"Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.",2005-05-02 04:00:00.000,EPSS/Metasploit
CVE-2005-1018,0.0,0.96519,Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field.,2005-05-02 04:00:00.000,EPSS/Metasploit
CVE-2005-1099,0.0,0.74524,"Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.",2005-04-12 04:00:00.000,Metasploit
CVE-2005-1213,0.0,0.97357,"Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.",2005-06-14 04:00:00.000,EPSS/Metasploit
CVE-2005-1272,0.0,0.97191,Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.,2005-08-05 04:00:00.000,EPSS/Metasploit
CVE-2005-1323,0.0,0.94899,Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.,2005-05-02 04:00:00.000,Metasploit
CVE-2005-1348,0.0,0.89913,Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.,2005-05-02 04:00:00.000,Metasploit
CVE-2005-1381,0.0,0.9584,Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.,2005-05-03 04:00:00.000,EPSS
CVE-2005-1382,0.0,0.96026,The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.,2005-05-03 04:00:00.000,EPSS
CVE-2005-1383,0.0,0.95242,"The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.",2005-05-03 04:00:00.000,EPSS
CVE-2005-1415,0.0,0.33068,Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.,2005-05-03 04:00:00.000,Metasploit
CVE-2005-1543,0.0,0.95842,"Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.",2005-05-25 04:00:00.000,EPSS/Metasploit
CVE-2005-1747,0.0,0.95989,"Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.",2005-05-24 04:00:00.000,EPSS
CVE-2005-1790,0.0,0.97301,"Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka ""Mismatched Document Object Model Objects Memory Corruption Vulnerability.""",2005-06-01 04:00:00.000,EPSS/Metasploit
CVE-2005-1812,0.0,0.69565,Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.,2005-06-01 04:00:00.000,Metasploit
CVE-2005-1815,0.0,0.13086,Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount of data to LPD (Lpdw.exe).,2005-06-01 04:00:00.000,Metasploit
CVE-2005-1921,0.0,0.95649,"Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.",2005-07-05 04:00:00.000,EPSS/Metasploit
CVE-2005-1983,0.0,0.97518,"Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.",2005-08-10 04:00:00.000,EPSS/Metasploit
CVE-2005-1990,0.0,0.96439,"Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka ""COM Object Instantiation Memory Corruption Vulnerability,"" a different vulnerability than CVE-2005-2087.",2005-08-10 04:00:00.000,EPSS
CVE-2005-2086,0.0,0.10023,PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.,2005-07-05 04:00:00.000,Metasploit
CVE-2005-2087,0.0,0.96072,"Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll).  NOTE: the researcher says that the vendor could not reproduce this problem.",2005-07-05 04:00:00.000,EPSS
CVE-2005-2088,0.0,0.96327,"The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a ""Transfer-Encoding: chunked"" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka ""HTTP Request Smuggling.""",2005-07-05 04:00:00.000,EPSS
CVE-2005-2090,0.0,0.97185,"Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a ""Transfer-Encoding: chunked"" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka ""HTTP Request Smuggling.""",2005-07-05 04:00:00.000,EPSS
CVE-2005-2120,0.0,0.03043,"Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of ""\"" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.",2005-10-13 10:02:00.000,Metasploit
CVE-2005-2122,0.0,0.95411,"Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.",2005-10-21 18:02:00.000,EPSS
CVE-2005-2124,0.0,0.96259,"Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to ""An unchecked buffer"" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka ""Windows Metafile Vulnerability.""",2005-11-29 21:03:00.000,EPSS
CVE-2005-2265,0.0,0.96724,"Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.",2005-07-13 04:00:00.000,EPSS/Metasploit
CVE-2005-2278,0.0,0.92283,Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.,2005-07-18 04:00:00.000,Metasploit
CVE-2005-2287,0.0,0.96746,"SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow.",2005-07-18 04:00:00.000,EPSS/Metasploit
CVE-2005-2297,0.0,0.96172,Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.,2005-07-19 04:00:00.000,EPSS/Metasploit
CVE-2005-2340,0.0,0.96826,"Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.",2005-12-31 05:00:00.000,EPSS
CVE-2005-2373,0.0,0.13088,"Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.",2005-07-26 04:00:00.000,Metasploit
CVE-2005-2428,0.0,0.01188,"Lotus Domino R5 and R6 WebMail, with ""Generate HTML for all fields"" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.",2005-08-03 04:00:00.000,Nuclei
CVE-2005-2535,0.0,0.15439,"Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.",2005-08-10 04:00:00.000,Metasploit
CVE-2005-2551,0.0,0.93046,Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.,2005-08-12 04:00:00.000,Metasploit
CVE-2005-2558,0.0,0.96765,"Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.",2005-08-16 04:00:00.000,EPSS
CVE-2005-2611,0.0,0.97329,"VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.",2005-08-17 04:00:00.000,EPSS/Metasploit
CVE-2005-2612,0.0,0.81598,Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.,2005-08-17 04:00:00.000,Metasploit
CVE-2005-2668,0.0,0.95173,"Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.",2005-08-23 04:00:00.000,EPSS/Metasploit
CVE-2005-2706,0.0,0.95449,Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.,2005-09-23 19:03:00.000,EPSS
CVE-2005-2710,0.0,0.96851,Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.,2005-09-27 20:03:00.000,EPSS
CVE-2005-2733,0.0,0.91676,"upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.",2005-08-30 11:45:00.000,Metasploit
CVE-2005-2773,0.0,0.96609,"HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.",2005-09-02 23:03:00.000,EPSS/CISA/Metasploit
CVE-2005-2830,0.0,0.96147,"Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka ""HTTPS Proxy Vulnerability.""",2005-12-14 11:03:00.000,EPSS
CVE-2005-2831,0.0,0.96517,"Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the ""COM Object Instantiation Memory Corruption Vulnerability,"" a different vulnerability than CVE-2005-2127.",2005-12-14 11:03:00.000,EPSS
CVE-2005-2847,0.0,0.97031,img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.,2005-09-08 10:03:00.000,EPSS/Metasploit
CVE-2005-2852,0.0,0.61024,"Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the ""worm.rbot.ccc"" worm.",2005-09-08 10:03:00.000,Metasploit
CVE-2005-2871,0.0,0.96417,"Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all ""soft"" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.",2005-09-09 18:03:00.000,EPSS
CVE-2005-2877,0.0,0.96821,"The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.",2005-09-16 20:03:00.000,EPSS/Metasploit
CVE-2005-2917,0.0,0.95988,"Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).",2005-09-30 18:05:00.000,EPSS
CVE-2005-2968,0.0,0.96155,"Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.",2005-09-20 22:03:00.000,EPSS
CVE-2005-3116,0.0,0.95464,Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.,2005-11-18 06:03:00.000,EPSS
CVE-2005-3155,0.0,0.77903,Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.,2005-10-05 23:02:00.000,Metasploit
CVE-2005-3190,0.0,0.61685,"Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.",2005-10-13 22:02:00.000,Metasploit
CVE-2005-3252,0.0,0.94818,Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.,2005-10-18 21:02:00.000,Metasploit
CVE-2005-3314,0.0,0.85319,"Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via ""long verb arguments.""",2005-11-18 22:03:00.000,Metasploit
CVE-2005-3315,0.0,0.95935,"Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.",2005-10-30 20:02:00.000,EPSS
CVE-2005-3344,0.0,0.01539,"The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.",2005-11-16 07:42:00.000,Nuclei
CVE-2005-3357,0.0,0.97264,"mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.",2005-12-31 05:00:00.000,EPSS
CVE-2005-3498,0.0,0.00369,"IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.",2005-11-04 00:02:00.000,Metasploit
CVE-2005-3589,0.0,0.55865,Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.,2005-11-16 07:42:00.000,Metasploit
CVE-2005-3634,0.0,0.02843,frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.,2005-11-16 21:22:00.000,Nuclei
CVE-2005-3683,0.0,0.70853,"Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.",2005-11-19 01:03:00.000,Metasploit
CVE-2005-3757,0.0,0.44725,"The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.",2005-11-22 21:03:00.000,Metasploit
CVE-2005-3792,0.0,0.95179,"Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.",2005-11-24 11:03:00.000,EPSS
CVE-2005-4085,0.0,0.57818,Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.,2005-12-31 05:00:00.000,Metasploit
CVE-2005-4089,0.0,0.95493,"Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka ""CSSXSS"" and ""CSS Cross-Domain Information Disclosure Vulnerability.""",2005-12-08 11:03:00.000,EPSS
CVE-2005-4134,0.0,0.96056,"Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.  NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox.  Also, it has been independently reported that Netscape 8.1 does not have this issue.",2005-12-09 15:03:00.000,EPSS
CVE-2005-4145,0.0,0.30369,"The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space (""lyris"" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.",2005-12-10 11:03:00.000,Metasploit
CVE-2005-4267,0.0,0.96797,"Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a ""}"" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands.",2005-12-21 11:03:00.000,EPSS/Metasploit
CVE-2005-4360,0.0,0.96817,"The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to "".dll"" followed by arguments such as ""~0"" through ""~9"", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using ""/_vti_bin/.dll/*/~0"".  NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).",2005-12-20 01:03:00.000,EPSS
CVE-2005-4385,0.0,0.00294,Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.,2005-12-20 02:03:00.000,Nuclei
CVE-2005-4411,0.0,0.94458,Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.,2005-12-20 11:03:00.000,Metasploit
CVE-2005-4459,0.0,0.95136,"Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.",2005-12-21 20:03:00.000,EPSS
CVE-2005-4560,0.0,0.97358,"The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.",2005-12-28 19:03:00.000,EPSS/Metasploit
CVE-2005-4734,0.0,0.37066,Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.,2005-12-31 05:00:00.000,Metasploit
CVE-2005-4797,0.0,0.96185,"Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via "".."" sequences in an ""Unlink data file"" command.",2005-12-31 05:00:00.000,EPSS/Metasploit
CVE-2005-4832,0.0,0.882,"SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.",2005-12-31 05:00:00.000,Metasploit
CVE-2006-0001,0.0,0.96856,"Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.",2006-09-12 23:07:00.000,EPSS
CVE-2006-0003,0.0,0.9668,"Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.",2006-04-12 00:02:00.000,EPSS/Metasploit
CVE-2006-0006,0.0,0.95722,"Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.",2006-02-14 22:06:00.000,EPSS
CVE-2006-0007,0.0,0.96876,"Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.",2006-07-11 21:05:00.000,EPSS
CVE-2006-0026,0.0,0.963,"Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).",2006-07-11 22:05:00.000,EPSS
CVE-2006-0027,0.0,0.97307,Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.,2006-05-10 02:10:00.000,EPSS/Metasploit
CVE-2006-0028,0.0,0.96548,"Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.",2006-03-14 23:02:00.000,EPSS
CVE-2006-0292,0.0,0.95484,"The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.",2006-02-02 20:06:00.000,EPSS
CVE-2006-0295,0.0,0.96965,"Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.",2006-02-02 20:06:00.000,EPSS/Metasploit
CVE-2006-0296,0.0,0.96081,"The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.",2006-02-02 20:06:00.000,EPSS
CVE-2006-0323,0.0,0.96783,"Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.",2006-03-23 23:06:00.000,EPSS
CVE-2006-0395,0.0,0.03402,"The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.",2006-08-05 01:04:00.000,Metasploit
CVE-2006-0441,0.0,0.3091,"Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.",2006-01-26 22:03:00.000,Metasploit
CVE-2006-0460,0.0,0.87013,Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.,2006-02-17 01:02:00.000,Metasploit
CVE-2006-0476,0.0,0.7759,Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).,2006-01-31 11:03:00.000,Metasploit
CVE-2006-0749,0.0,0.97291,"nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a ""particular sequence of HTML tags"" that leads to memory corruption.",2006-04-14 10:02:00.000,EPSS
CVE-2006-0753,0.0,0.95107,Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.,2006-02-18 02:02:00.000,EPSS
CVE-2006-0848,0.0,0.97451,"The ""Open 'safe' files after downloading"" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.",2006-02-22 23:02:00.000,EPSS/Metasploit
CVE-2006-0884,0.0,0.95011,"The WYSIWYG rendering engine (""rich mail"" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.",2006-02-24 22:02:00.000,EPSS
CVE-2006-0900,0.0,0.96594,"nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.",2006-02-27 19:06:00.000,EPSS/Metasploit
CVE-2006-0987,0.0,0.01568,"The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.",2006-03-03 11:02:00.000,Metasploit
CVE-2006-0988,0.0,0.00979,"The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.",2006-03-03 11:02:00.000,Metasploit
CVE-2006-0992,0.0,0.35092,"Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon.  NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092.  This is the correct identifier.",2006-04-14 10:02:00.000,Metasploit
CVE-2006-1016,0.0,0.88043,"Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.",2006-03-07 00:02:00.000,Metasploit
CVE-2006-1043,0.0,0.96572,Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).,2006-03-07 11:02:00.000,EPSS
CVE-2006-1148,0.0,0.96329,"Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.",2006-03-10 11:02:00.000,EPSS
CVE-2006-1192,0.0,0.95095,"Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow ""window content to persist"" after the user has navigated to another site, aka the ""Address Bar Spoofing Vulnerability.""  NOTE: this is a different vulnerability than CVE-2006-1626.",2006-04-11 23:02:00.000,EPSS
CVE-2006-1193,0.0,0.96628,"Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to ""HTML parsing.""",2006-06-13 19:06:00.000,EPSS
CVE-2006-1245,0.0,0.96713,"Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the ""Multiple Event Handler Memory Corruption Vulnerability.""",2006-03-17 01:02:00.000,EPSS
CVE-2006-1359,0.0,0.9733,"Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.",2006-03-23 00:06:00.000,EPSS/Metasploit
CVE-2006-1547,0.0,0.0142,"ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",2006-03-30 22:02:00.000,CISA
CVE-2006-1551,0.0,0.81648,Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.,2006-04-13 22:02:00.000,Metasploit
CVE-2006-1652,0.0,0.95268,"Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.",2006-04-06 10:04:00.000,EPSS/Metasploit
CVE-2006-1681,0.0,0.01015,"Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.",2006-04-11 00:02:00.000,Nuclei
CVE-2006-1730,0.0,0.97377,"Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.",2006-04-14 10:02:00.000,EPSS
CVE-2006-1733,0.0,0.97123,"Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) ""by inserting an XBL method into the DOM's document.body prototype chain.""",2006-04-14 10:02:00.000,EPSS
CVE-2006-1734,0.0,0.97328,"Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the ""clone parent"" internal function.",2006-04-14 10:02:00.000,EPSS
CVE-2006-1735,0.0,0.97491,"Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.",2006-04-14 10:02:00.000,EPSS
CVE-2006-1737,0.0,0.97116,"Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.",2006-04-14 18:02:00.000,EPSS
CVE-2006-1738,0.0,0.96848,"Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.",2006-04-14 18:02:00.000,EPSS
CVE-2006-1739,0.0,0.97278,"The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.",2006-04-14 10:02:00.000,EPSS
CVE-2006-1790,0.0,0.96635,"A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.",2006-04-14 19:02:00.000,EPSS
CVE-2006-1992,0.0,0.96331,"mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences.  NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.",2006-04-25 01:02:00.000,EPSS
CVE-2006-1993,0.0,0.96046,"Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object.  NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.",2006-04-25 12:50:00.000,EPSS
CVE-2006-2081,0.0,0.97353,"Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not ""SQL injection"" per se.",2006-04-27 23:02:00.000,EPSS/Metasploit
CVE-2006-2086,0.0,0.93024,"Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.",2006-04-29 10:02:00.000,Metasploit
CVE-2006-2212,0.0,0.06557,Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.,2006-05-05 12:46:00.000,Metasploit
CVE-2006-2237,0.0,0.95522,"The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.",2006-05-08 23:02:00.000,EPSS/Metasploit
CVE-2006-2369,0.0,0.97198,"RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as ""Type 1 - None"", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.",2006-05-15 16:06:00.000,EPSS
CVE-2006-2372,0.0,0.96315,"Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.",2006-07-11 21:05:00.000,EPSS
CVE-2006-2447,0.0,0.94666,"SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.",2006-06-06 21:06:00.000,Metasploit
CVE-2006-2492,0.0,0.94297,"Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.",2006-05-20 00:02:00.000,CISA
CVE-2006-2502,0.0,0.8901,"Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.",2006-05-22 16:06:00.000,Metasploit
CVE-2006-2630,0.0,0.97106,Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.,2006-05-27 21:02:00.000,EPSS/Metasploit
CVE-2006-2685,0.0,0.95265,"PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.",2006-05-31 10:06:00.000,EPSS/Metasploit
CVE-2006-2766,0.0,0.95721,"Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.",2006-06-02 10:18:00.000,EPSS
CVE-2006-2779,0.0,0.9722,"Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) ""Content-implemented tree views,"" (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.",2006-06-02 19:02:00.000,EPSS
CVE-2006-2842,0.0,0.28102,"PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.  NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled.  Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE.  However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable",2006-06-06 20:06:00.000,Nuclei
CVE-2006-2926,0.0,0.92029,Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.,2006-06-09 10:02:00.000,Metasploit
CVE-2006-2961,0.0,0.82542,Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command.  NOTE: the provenance of this information is unknown; the details are obtained from third party information.,2006-06-12 20:06:00.000,Metasploit
CVE-2006-3113,0.0,0.96864,"Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.",2006-07-27 20:04:00.000,EPSS
CVE-2006-3252,0.0,0.95515,Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request.,2006-06-27 18:05:00.000,EPSS/Metasploit
CVE-2006-3281,0.0,0.96628,"Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka ""Folder GUID Code Execution Vulnerability.""  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.",2006-06-28 22:05:00.000,EPSS
CVE-2006-3357,0.0,0.96986,"Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.",2006-07-06 20:05:00.000,EPSS
CVE-2006-3392,0.0,0.95325,"Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using ""..%01"" sequences, which bypass the removal of ""../"" sequences before bytes such as ""%01"" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274.",2006-07-06 20:05:00.000,EPSS/Metasploit
CVE-2006-3439,0.0,0.96546,"Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.",2006-08-09 01:04:00.000,EPSS/Metasploit
CVE-2006-3637,0.0,0.96202,"Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka ""HTML Rendering Memory Corruption Vulnerability.""",2006-08-08 23:04:00.000,EPSS
CVE-2006-3677,0.0,0.97379,"Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.",2006-07-27 19:04:00.000,EPSS/Metasploit
CVE-2006-3726,0.0,0.83711,"Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command.",2006-07-21 14:03:00.000,Metasploit
CVE-2006-3730,0.0,0.97294,"Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.",2006-07-21 14:03:00.000,EPSS/Metasploit
CVE-2006-3738,0.0,0.96412,"Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.",2006-09-28 18:07:00.000,EPSS
CVE-2006-3747,0.0,0.97428,"Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.",2006-07-28 18:02:00.000,EPSS/Metasploit
CVE-2006-3803,0.0,0.96871,"Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.",2006-07-27 19:04:00.000,EPSS
CVE-2006-3806,0.0,0.97438,"Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified ""string function arguments.""",2006-07-27 19:04:00.000,EPSS
CVE-2006-3869,0.0,0.95413,"Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.",2006-08-23 01:04:00.000,EPSS
CVE-2006-3897,0.0,0.96624,Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.,2006-07-27 11:04:00.000,EPSS
CVE-2006-3918,0.0,0.97122,"http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",2006-07-28 00:04:00.000,EPSS
CVE-2006-3942,0.0,0.96904,"The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an ""SMB PIPE,"" aka the ""Mailslot DOS"" vulnerability.  NOTE: the name ""Mailslot DOS"" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.",2006-07-31 23:04:00.000,EPSS
CVE-2006-3952,0.0,0.56054,Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command.  NOTE: the provenance of this information is unknown; the details are obtained from third party information.,2006-08-01 21:04:00.000,Metasploit
CVE-2006-3961,0.0,0.86495,"Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.",2006-08-01 21:04:00.000,Metasploit
CVE-2006-4253,0.0,0.96605,"Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.",2006-08-21 20:04:00.000,EPSS
CVE-2006-4305,0.0,0.96651,Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.,2006-08-30 01:04:00.000,EPSS/Metasploit
CVE-2006-4313,0.0,0.11373,"Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.",2006-08-23 22:04:00.000,Metasploit
CVE-2006-4318,0.0,0.67455,Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.,2006-08-24 01:04:00.000,Metasploit
CVE-2006-4379,0.0,0.96227,"Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.",2006-09-08 21:04:00.000,EPSS
CVE-2006-4446,0.0,0.96482,Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.,2006-08-30 01:04:00.000,EPSS
CVE-2006-4495,0.0,0.96005,"Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.",2006-08-31 22:04:00.000,EPSS
CVE-2006-4566,0.0,0.96657,"Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set (""[\\""), which leads to a buffer over-read.",2006-09-15 18:07:00.000,EPSS
CVE-2006-4602,0.0,0.96408,"Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.",2006-09-07 00:04:00.000,EPSS/Metasploit
CVE-2006-4688,0.0,0.96751,"Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka ""Client Service for NetWare Memory Corruption Vulnerability.""",2006-11-14 22:07:00.000,EPSS
CVE-2006-4691,0.0,0.96352,Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.,2006-11-14 21:07:00.000,EPSS/Metasploit
CVE-2006-4696,0.0,0.97048,"Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka ""SMB Rename Vulnerability.""",2006-10-10 22:07:00.000,EPSS
CVE-2006-4704,0.0,0.95985,"Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka ""WMI Object Broker Vulnerability.""",2006-11-01 15:07:00.000,EPSS/Metasploit
CVE-2006-4777,0.0,0.97262,"Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.",2006-09-14 00:07:00.000,EPSS/Metasploit
CVE-2006-4842,0.0,0.00519,"The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.",2006-10-12 00:07:00.000,Metasploit
CVE-2006-4847,0.0,0.96943,"Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.",2006-09-19 01:07:00.000,EPSS/Metasploit
CVE-2006-4868,0.0,0.17982,"Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.",2006-09-19 19:07:00.000,Metasploit
CVE-2006-4948,0.0,0.79302,Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.,2006-09-23 01:07:00.000,Metasploit
CVE-2006-5000,0.0,0.96578,"Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands.  NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.",2006-09-26 20:07:00.000,EPSS
CVE-2006-5112,0.0,0.82347,Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.,2006-10-03 04:03:00.000,Metasploit
CVE-2006-5143,0.0,0.96994,"Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.",2006-10-10 04:06:00.000,EPSS/Metasploit
CVE-2006-5156,0.0,0.97349,Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.,2006-10-05 04:04:00.000,EPSS/Metasploit
CVE-2006-5198,0.0,0.96253,"The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ""FileView"" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified ""unsafe methods.""",2006-11-14 21:07:00.000,EPSS/Metasploit
CVE-2006-5216,0.0,0.94699,Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.,2006-10-10 04:06:00.000,Metasploit
CVE-2006-5229,0.0,0.01048,"OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime.  NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.",2006-10-10 23:07:00.000,Metasploit
CVE-2006-5276,0.0,0.71016,"Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.",2007-02-20 01:28:00.000,Metasploit
CVE-2006-5296,0.0,0.96789,"PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.",2006-10-16 19:07:00.000,EPSS
CVE-2006-5444,0.0,0.9688,"Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.",2006-10-23 17:07:00.000,EPSS
CVE-2006-5478,0.0,0.95581,"Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.",2006-10-24 20:07:00.000,EPSS/Metasploit
CVE-2006-5559,0.0,0.968,"The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.",2006-10-27 16:07:00.000,EPSS
CVE-2006-5614,0.0,0.97026,"Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.",2006-10-31 01:07:00.000,EPSS/Metasploit
CVE-2006-5650,0.0,0.9681,"The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.",2006-11-07 19:07:00.000,EPSS/Metasploit
CVE-2006-5702,0.0,0.04009,"Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.",2006-11-04 01:07:00.000,Metasploit
CVE-2006-5745,0.0,0.97159,"Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.",2006-11-06 18:07:00.000,EPSS/Metasploit
CVE-2006-5780,0.0,0.84591,"Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.",2006-11-07 18:07:00.000,Metasploit
CVE-2006-5815,0.0,0.53901,"Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a ""ProFTPD remote exploit.""",2006-11-08 23:07:00.000,Metasploit
CVE-2006-5855,0.0,0.96371,"Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.",2006-12-06 19:28:00.000,EPSS
CVE-2006-6010,0.0,0.0352,"SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.",2006-11-21 23:07:00.000,Metasploit
CVE-2006-6063,0.0,0.93171,"Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName.",2006-11-22 02:07:00.000,Metasploit
CVE-2006-6076,0.0,0.29775,Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.,2006-11-24 17:07:00.000,Metasploit
CVE-2006-6133,0.0,0.9548,"Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.",2006-11-28 01:07:00.000,EPSS
CVE-2006-6134,0.0,0.96464,"Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.",2006-11-28 01:07:00.000,EPSS
CVE-2006-6183,0.0,0.8125,"Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.",2006-12-01 00:28:00.000,Metasploit
CVE-2006-6184,0.0,0.72061,"Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.",2006-12-01 00:28:00.000,Metasploit
CVE-2006-6199,0.0,0.83451,"Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.",2006-12-01 01:28:00.000,Metasploit
CVE-2006-6251,0.0,0.85994,"Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an ""M3U UNC Name"" attack.",2006-12-04 11:28:00.000,Metasploit
CVE-2006-6296,0.0,0.96755,"The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.",2006-12-05 11:28:00.000,EPSS
CVE-2006-6423,0.0,0.86034,"Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.",2006-12-12 02:28:00.000,Metasploit
CVE-2006-6424,0.0,0.84972,"Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.",2006-12-27 01:28:00.000,Metasploit
CVE-2006-6425,0.0,0.16325,Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.,2006-12-27 01:28:00.000,Metasploit
CVE-2006-6456,0.0,0.96065,"Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.",2006-12-11 17:28:00.000,EPSS
CVE-2006-6561,0.0,0.96277,"Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.",2006-12-14 18:28:00.000,EPSS
CVE-2006-6565,0.0,0.08835,"FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564.  NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.",2006-12-15 11:28:00.000,Metasploit
CVE-2006-6576,0.0,0.68873,Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected.  NOTE: the USER vector is already covered by CVE-2005-0634.,2006-12-15 19:28:00.000,Metasploit
CVE-2006-6665,0.0,0.92073,Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.,2006-12-20 23:28:00.000,Metasploit
CVE-2006-6707,0.0,0.81128,Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.,2006-12-23 01:28:00.000,Metasploit
CVE-2006-6761,0.0,0.15694,Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.,2006-12-27 02:28:00.000,Metasploit
CVE-2006-7196,0.0,0.95904,"Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.",2007-05-10 00:19:00.000,EPSS
CVE-2007-0008,0.0,0.96908,"Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the ""Master Secret"", which results in a heap-based overflow.",2007-02-26 20:28:00.000,EPSS
CVE-2007-0009,0.0,0.96518,"Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid ""Client Master Key"" length values.",2007-02-26 20:28:00.000,EPSS
CVE-2007-0015,0.0,0.96735,Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.,2007-01-01 23:28:00.000,EPSS/Metasploit
CVE-2007-0017,0.0,0.95095,"Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.",2007-01-03 02:28:00.000,EPSS
CVE-2007-0018,0.0,0.95209,"Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.",2007-01-24 21:28:00.000,EPSS/Metasploit
CVE-2007-0024,0.0,0.96574,"Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the ""VML Buffer Overrun Vulnerability.""",2007-01-09 23:28:00.000,EPSS
CVE-2007-0071,0.0,0.96566,"Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.",2008-04-09 21:05:00.000,EPSS
CVE-2007-0099,0.0,0.95059,"Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka ""MSXML Memory Corruption Vulnerability.""",2007-01-08 20:28:00.000,EPSS
CVE-2007-0168,0.0,0.95585,"The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.",2007-01-11 22:28:00.000,EPSS
CVE-2007-0169,0.0,0.93699,"Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.",2007-01-11 22:28:00.000,Metasploit
CVE-2007-0197,0.0,0.96552,"Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.",2007-01-11 11:28:00.000,EPSS
CVE-2007-0213,0.0,0.96821,"Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.",2007-05-08 23:19:00.000,EPSS
CVE-2007-0217,0.0,0.96353,"The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.",2007-02-13 22:28:00.000,EPSS
CVE-2007-0229,0.0,0.96651,"Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes ""allocation of a negative size buffer"" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679.  NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.",2007-01-13 02:28:00.000,EPSS
CVE-2007-0247,0.0,0.96664,"squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.",2007-01-16 18:28:00.000,EPSS
CVE-2007-0325,0.0,0.81397,"Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.",2007-02-20 17:28:00.000,Metasploit
CVE-2007-0348,0.0,0.86639,"Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.",2007-03-21 19:19:00.000,Metasploit
CVE-2007-0449,0.0,0.9697,"Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.",2007-01-23 21:28:00.000,EPSS/Metasploit
CVE-2007-0450,0.0,0.97345,"Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) ""/"" (slash), (2) ""\"" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",2007-03-16 22:19:00.000,EPSS
CVE-2007-0464,0.0,0.9531,"The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.",2007-01-30 17:28:00.000,EPSS
CVE-2007-0494,0.0,0.97098,"ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the ""DNSSEC Validation"" vulnerability.",2007-01-25 20:28:00.000,EPSS
CVE-2007-0515,0.0,0.96367,"Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.",2007-01-26 00:28:00.000,EPSS
CVE-2007-0774,0.0,0.62106,"Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.",2007-03-04 22:19:00.000,Metasploit
CVE-2007-0775,0.0,0.97098,"Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.",2007-02-26 19:28:00.000,EPSS
CVE-2007-0777,0.0,0.9666,"The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.",2007-02-26 19:28:00.000,EPSS
CVE-2007-0882,0.0,0.8437,"Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client ""-f"" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.",2007-02-12 20:28:00.000,Metasploit
CVE-2007-0885,0.0,0.0093,Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.,2007-02-12 20:28:00.000,Nuclei
CVE-2007-0957,0.0,0.96736,"Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.",2007-04-06 01:19:00.000,EPSS
CVE-2007-0977,0.0,0.00687,"IBM Lotus Domino R5 and R6 WebMail, with ""Generate HTML for all fields"" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.",2007-02-16 01:28:00.000,Metasploit
CVE-2007-0981,0.0,0.96888,"Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.",2007-02-16 01:28:00.000,EPSS
CVE-2007-1036,0.0,0.9659,"The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.",2007-02-21 11:28:00.000,EPSS
CVE-2007-1070,0.0,0.95448,"Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.",2007-02-21 11:28:00.000,EPSS/Metasploit
CVE-2007-1092,0.0,0.96733,"Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.",2007-02-26 17:28:00.000,EPSS
CVE-2007-1277,0.0,0.96331,"WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.",2007-03-05 20:19:00.000,EPSS
CVE-2007-1286,0.0,0.1528,"Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.",2007-03-06 20:19:00.000,Metasploit
CVE-2007-1306,0.0,0.95119,"Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.",2007-03-07 00:19:00.000,EPSS
CVE-2007-1308,0.0,0.95593,"ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.",2007-03-07 00:19:00.000,EPSS
CVE-2007-1373,0.0,0.84022,Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command.  NOTE: this might be the same issue as CVE-2006-5961.,2007-03-10 00:19:00.000,Metasploit
CVE-2007-1435,0.0,0.58033,"Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",2007-03-13 19:19:00.000,Metasploit
CVE-2007-1499,0.0,0.9594,"Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the ""Navigation Canceled"" page and injects the script into the ""Refresh the page"" link, aka Navigation Cancel Page Spoofing Vulnerability.""",2007-03-17 10:19:00.000,EPSS
CVE-2007-1559,0.0,0.94425,Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.,2007-04-11 22:19:00.000,Metasploit
CVE-2007-1674,0.0,0.9441,Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.,2007-04-18 03:19:00.000,Metasploit
CVE-2007-1682,0.0,0.51863,"Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.",2008-08-27 20:41:00.000,Metasploit
CVE-2007-1689,0.0,0.95592,Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.,2007-05-16 20:30:00.000,EPSS/Metasploit
CVE-2007-1748,0.0,0.96931,"Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.",2007-04-13 18:19:00.000,EPSS
CVE-2007-1751,0.0,0.96559,"Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka ""Uninitialized Memory Corruption Vulnerability.""",2007-06-12 19:30:00.000,EPSS
CVE-2007-1765,0.0,0.04943,"Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.  NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.",2007-03-30 00:19:00.000,Metasploit
CVE-2007-1785,0.0,0.96161,"The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.",2007-03-31 01:19:00.000,EPSS
CVE-2007-1819,0.0,0.71835,"Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.",2007-04-02 23:19:00.000,Metasploit
CVE-2007-1868,0.0,0.86014,"The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.",2007-04-04 16:19:00.000,Metasploit
CVE-2007-2139,0.0,0.94072,"Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.",2007-04-25 20:19:00.000,Metasploit
CVE-2007-2175,0.0,0.95212,"Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the ""PWN 2 0WN"" contest at CanSecWest 2007.",2007-04-24 16:19:00.000,EPSS/Metasploit
CVE-2007-2193,0.0,0.94425,"Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string.  NOTE: some of these details are obtained from third party information.",2007-04-24 17:19:00.000,Metasploit
CVE-2007-2217,0.0,0.96261,"Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.",2007-10-09 22:17:00.000,EPSS
CVE-2007-2222,0.0,0.96365,"Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.",2007-06-12 19:30:00.000,EPSS
CVE-2007-2238,0.0,0.95726,"Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.",2009-04-16 15:12:57.280,EPSS/Metasploit
CVE-2007-2263,0.0,0.95543,"Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.",2007-10-31 17:46:00.000,EPSS
CVE-2007-2264,0.0,0.95593,"Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.",2007-10-31 17:46:00.000,EPSS
CVE-2007-2280,0.0,0.96539,"Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.",2009-12-18 19:30:00.203,EPSS/Metasploit
CVE-2007-2293,0.0,0.95453,"Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.",2007-04-26 20:19:00.000,EPSS
CVE-2007-2386,0.0,0.41763,Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.,2007-05-24 22:30:00.000,Metasploit
CVE-2007-2442,0.0,0.96602,"The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.",2007-06-26 22:30:00.000,EPSS
CVE-2007-2443,0.0,0.96506,Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.,2007-06-26 22:30:00.000,EPSS
CVE-2007-2446,0.0,0.96294,"Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).",2007-05-14 21:19:00.000,EPSS
CVE-2007-2447,0.0,0.7507,"The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the ""username map script"" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.",2007-05-14 21:19:00.000,Metasploit
CVE-2007-2449,0.0,0.96782,"Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a ""snp/snoop.jsp;"" sequence.",2007-06-14 23:30:00.000,EPSS
CVE-2007-2522,0.0,0.95498,"Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.",2007-05-11 04:20:00.000,EPSS
CVE-2007-2581,0.0,0.96701,"Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in ""every main page,"" as demonstrated by default.aspx.",2007-05-09 21:19:00.000,EPSS
CVE-2007-2617,0.0,0.00067,"srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.",2007-05-11 16:19:00.000,Metasploit
CVE-2007-2711,0.0,0.93713,Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.,2007-05-16 10:19:00.000,Metasploit
CVE-2007-2864,0.0,0.94521,Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.,2007-06-06 21:30:00.000,Metasploit
CVE-2007-2867,0.0,0.96861,"Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.",2007-06-01 00:30:00.000,EPSS
CVE-2007-2888,0.0,0.95081,"Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761.  NOTE: some details are obtained from third party information.",2007-05-30 01:30:00.000,EPSS/Metasploit
CVE-2007-2918,0.0,0.9011,"Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.",2007-06-01 01:30:00.000,Metasploit
CVE-2007-2919,0.0,0.86899,"Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.",2007-06-06 22:30:00.000,Metasploit
CVE-2007-2931,0.0,0.95178,"Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.",2007-08-31 22:17:00.000,EPSS
CVE-2007-2987,0.0,0.87992,"Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.",2007-06-01 10:30:00.000,Metasploit
CVE-2007-3010,0.0,0.97307,masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.,2007-09-18 21:17:00.000,EPSS/CISA/Metasploit/Nuclei
CVE-2007-3033,0.0,0.9616,"Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.",2007-08-14 22:17:00.000,EPSS
CVE-2007-3034,0.0,0.95933,"Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.",2007-08-14 21:17:00.000,EPSS
CVE-2007-3039,0.0,0.97241,"Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103.  NOTE: this is remotely exploitable on Windows 2000 Server.",2007-12-12 00:46:00.000,EPSS/Metasploit
CVE-2007-3068,0.0,0.92413,Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.,2007-06-06 01:30:00.000,Metasploit
CVE-2007-3091,0.0,0.96013,"Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the ""bait & switch vulnerability"" or ""Race Condition Cross-Domain Information Disclosure Vulnerability.""",2007-06-06 21:30:00.000,EPSS
CVE-2007-3147,0.0,0.94028,Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method.  NOTE: some of these details are obtained from third party information.,2007-06-11 18:30:00.000,Metasploit
CVE-2007-3280,0.0,0.01691,"The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.",2007-06-19 21:30:00.000,Metasploit
CVE-2007-3314,0.0,0.94468,"Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.",2007-06-21 18:30:00.000,Metasploit
CVE-2007-3389,0.0,0.02224,"Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.",2007-06-26 00:30:00.000,Metasploit
CVE-2007-3410,0.0,0.953,"Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.",2007-06-26 22:30:00.000,EPSS
CVE-2007-3435,0.0,0.94661,Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.,2007-06-27 00:30:00.000,Metasploit
CVE-2007-3456,0.0,0.96678,"Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an ""input validation error,"" including a signed comparison of values that are assumed to be non-negative.",2007-07-11 16:30:00.000,EPSS
CVE-2007-3566,0.0,0.86178,Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.,2007-07-26 18:30:00.000,Metasploit
CVE-2007-3605,0.0,0.95085,Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.,2007-07-06 19:30:00.000,EPSS/Metasploit
CVE-2007-3614,0.0,0.59015,"Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to ""numerous other fields.""",2007-07-06 19:30:00.000,Metasploit
CVE-2007-3763,0.0,0.95417,"The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.",2007-07-18 17:30:00.000,EPSS
CVE-2007-3764,0.0,0.97028,"The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an ""overly large memcpy.""",2007-07-18 17:30:00.000,EPSS
CVE-2007-3844,0.0,0.9514,"Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka ""Cross Context Scripting."" NOTE: this issue is caused by a CVE-2007-3089 regression.",2007-08-08 01:17:00.000,EPSS
CVE-2007-3845,0.0,0.95732,"Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching ""a file handling program based on the file extension at the end of the URI,"" a variant of CVE-2007-4041.  NOTE: the vendor states that ""it is still possible to launch a filetype handler based on extension rather than the registered protocol handler.""",2007-08-08 01:17:00.000,EPSS
CVE-2007-3872,0.0,0.92409,"Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.",2007-08-09 20:17:00.000,Metasploit
CVE-2007-3896,0.0,0.95804,"The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid ""%"" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.",2007-10-11 00:17:00.000,EPSS
CVE-2007-3897,0.0,0.95874,"Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.",2007-10-09 22:17:00.000,EPSS
CVE-2007-3898,0.0,0.96465,"The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.",2007-11-14 01:46:00.000,EPSS
CVE-2007-3901,0.0,0.96268,Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.,2007-12-12 00:46:00.000,EPSS/Metasploit
CVE-2007-3925,0.0,0.97418,Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.,2007-07-21 00:30:00.000,EPSS/Metasploit
CVE-2007-3999,0.0,0.96715,"Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.",2007-09-05 10:17:00.000,EPSS
CVE-2007-4006,0.0,0.77003,"Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034.  NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.",2007-07-26 00:30:00.000,Metasploit
CVE-2007-4218,0.0,0.9682,"Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.",2007-08-22 23:17:00.000,EPSS
CVE-2007-4280,0.0,0.95219,"The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.",2007-08-09 21:17:00.000,EPSS
CVE-2007-4370,0.0,0.93861,Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.,2007-08-15 23:17:00.000,Metasploit
CVE-2007-4387,0.0,0.26233,"Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.",2007-08-17 22:17:00.000,Metasploit
CVE-2007-4440,0.0,0.81552,"Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.",2007-08-21 00:17:00.000,Metasploit
CVE-2007-4466,0.0,0.88654,Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.,2007-10-09 22:17:00.000,Metasploit
CVE-2007-4474,0.0,0.97112,"Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.",2007-12-27 22:46:00.000,EPSS/Metasploit
CVE-2007-4475,0.0,0.95471,Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.,2009-04-01 18:30:00.547,EPSS/Metasploit
CVE-2007-4504,0.0,0.02171,Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.,2007-08-23 19:17:00.000,Nuclei
CVE-2007-4515,0.0,0.84394,Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods.  NOTE: some of these details are obtained from third party information.,2007-08-31 22:17:00.000,Metasploit
CVE-2007-4556,0.0,0.21361,"Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a ""%{"" sequence and ending with a ""}"" character.",2007-08-28 01:17:00.000,Nuclei
CVE-2007-4560,0.0,0.96504,"clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the ""recipient field of sendmail.""",2007-08-28 01:17:00.000,EPSS/Metasploit
CVE-2007-4599,0.0,0.95692,"Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.",2007-10-31 17:46:00.000,EPSS
CVE-2007-4607,0.0,0.93954,"Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.",2007-08-31 00:17:00.000,Metasploit
CVE-2007-4620,0.0,0.22042,"Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.",2008-04-07 18:44:00.000,Metasploit
CVE-2007-4776,0.0,0.93896,"Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.",2007-09-10 21:17:00.000,Metasploit
CVE-2007-4790,0.0,0.96437,"Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.",2007-09-10 21:17:00.000,EPSS
CVE-2007-4880,0.0,0.96686,"Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.",2007-09-28 00:17:00.000,EPSS/Metasploit
CVE-2007-4915,0.0,0.70825,"The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.",2007-09-17 17:17:00.000,Metasploit
CVE-2007-4991,0.0,0.96039,The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.,2007-09-21 19:17:00.000,EPSS
CVE-2007-5003,0.0,0.9412,"Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.",2007-10-01 20:17:00.000,Metasploit
CVE-2007-5067,0.0,0.95096,Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.,2007-09-24 23:17:00.000,EPSS/Metasploit
CVE-2007-5082,0.0,0.76541,"Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.",2007-10-01 20:17:00.000,Metasploit
CVE-2007-5107,0.0,0.92289,"Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value.  NOTE: some of these details are obtained from third party information.  NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.",2007-09-26 23:17:00.000,Metasploit
CVE-2007-5208,0.0,0.22319,"hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.",2007-10-13 00:17:00.000,Metasploit
CVE-2007-5217,0.0,0.73391,"Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",2007-10-05 00:17:00.000,Metasploit
CVE-2007-5244,0.0,0.62805,"Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.",2007-10-06 17:17:00.000,Metasploit
CVE-2007-5328,0.0,0.96539,"The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain ""insecure method calls"" to modify the file system and registry, aka ""Privileged function exposure.""",2007-10-13 00:17:00.000,EPSS
CVE-2007-5339,0.0,0.96474,"Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.",2007-10-21 19:17:00.000,EPSS
CVE-2007-5398,0.0,0.96025,"Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.",2007-11-16 18:46:00.000,EPSS
CVE-2007-5423,0.0,0.96247,"tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.",2007-10-12 23:17:00.000,EPSS/Metasploit
CVE-2007-5511,0.0,0.9735,"SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package.  NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.",2007-10-17 23:17:00.000,EPSS/Metasploit
CVE-2007-5601,0.0,0.96155,"Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.",2007-10-20 20:17:00.000,EPSS/Metasploit
CVE-2007-5603,0.0,0.84392,"Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.",2007-11-05 18:46:00.000,Metasploit
CVE-2007-5659,0.0,0.97232,Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods.  NOTE: this issue might be subsumed by CVE-2008-0655.,2008-02-12 19:00:00.000,EPSS/CISA/Metasploit
CVE-2007-5660,0.0,0.96049,"Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified ""unsafe method,"" possibly involving a buffer overflow.",2007-11-02 16:46:00.000,EPSS
CVE-2007-5728,0.0,0.01496,"Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.",2007-10-30 21:46:00.000,Nuclei
CVE-2007-5779,0.0,0.76025,Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.,2007-11-01 16:46:00.000,Metasploit
CVE-2007-5863,0.0,0.91799,"Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the ""allow-external-scripts"" option.",2007-12-19 21:46:00.000,Metasploit
CVE-2007-6015,0.0,0.97296,"Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the ""domain logons"" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.",2007-12-13 21:46:00.000,EPSS
CVE-2007-6016,0.0,0.9579,"Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states ""Authenticated user involvement required,"" but authentication is not needed to attack a client machine that loads this control.",2008-02-29 19:44:00.000,EPSS/Metasploit
CVE-2007-6165,0.0,0.13934,"Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.  NOTE: this is a regression error related to CVE-2006-0395.",2007-11-29 01:46:00.000,Metasploit
CVE-2007-6166,0.0,0.97079,"Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.",2007-11-29 01:46:00.000,EPSS
CVE-2007-6203,0.0,0.97199,"Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a ""413 Request Entity Too Large"" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.",2007-12-03 22:46:00.000,EPSS
CVE-2007-6204,0.0,0.47796,"Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.",2007-12-13 21:46:00.000,Metasploit
CVE-2007-6244,0.0,0.95915,Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.,2007-12-20 01:46:00.000,EPSS
CVE-2007-6377,0.0,0.92157,Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.,2007-12-15 01:46:00.000,Metasploit
CVE-2007-6507,0.0,0.97047,"SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain ""full file system access"" and execute arbitrary code.",2007-12-20 23:46:00.000,EPSS/Metasploit
CVE-2007-6509,0.0,0.74775,Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.,2007-12-21 19:46:00.000,Metasploit
CVE-2007-6530,0.0,0.90755,"Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.",2007-12-27 22:46:00.000,Metasploit
CVE-2007-6750,0.0,0.01696,"The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.",2011-12-27 18:55:00.970,Metasploit
CVE-2008-0015,0.0,0.96452,"Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka ""Microsoft Video ActiveX Control Vulnerability.""",2009-07-07 23:30:00.187,EPSS/Metasploit
CVE-2008-0065,0.0,0.75024,"Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.",2008-01-22 20:00:00.000,Metasploit
CVE-2008-0067,0.0,0.83529,"Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.",2009-01-08 19:30:00.407,Metasploit
CVE-2008-0068,0.0,0.9627,"Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.",2008-04-16 18:05:00.000,EPSS
CVE-2008-0086,0.0,0.9596,"Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.",2008-07-08 23:41:00.000,EPSS
CVE-2008-0088,0.0,0.95258,"Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.",2008-02-12 21:00:00.000,EPSS
CVE-2008-0095,0.0,0.96669,"The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.",2008-01-08 02:46:00.000,EPSS
CVE-2008-0106,0.0,0.9596,"Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.",2008-07-08 23:41:00.000,EPSS
CVE-2008-0108,0.0,0.95085,"Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka ""Microsoft Works File Converter Field Length Vulnerability.""",2008-02-12 23:00:00.000,EPSS
CVE-2008-0226,0.0,0.97415,"Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) ""input_buffer& operator>>"" in yassl_imp.cpp.",2008-01-10 23:46:00.000,EPSS
CVE-2008-0236,0.0,0.95402,An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.,2008-01-11 02:46:00.000,EPSS
CVE-2008-0237,0.0,0.95603,The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.,2008-01-11 02:46:00.000,EPSS
CVE-2008-0244,0.0,0.96799,"SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via ""&&"" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.",2008-01-12 02:46:00.000,EPSS/Metasploit
CVE-2008-0311,0.0,0.75077,Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.,2008-04-06 23:44:00.000,Metasploit
CVE-2008-0320,0.0,0.92414,Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.,2008-04-17 19:05:00.000,Metasploit
CVE-2008-0492,0.0,0.9024,Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method.  NOTE: some of these details are obtained from third party information.,2008-01-30 22:00:00.000,Metasploit
CVE-2008-0506,0.0,0.96213,"include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.",2008-01-31 20:00:00.000,EPSS/Metasploit
CVE-2008-0550,0.0,0.08201,"Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header.",2008-02-01 20:00:00.000,Metasploit
CVE-2008-0610,0.0,0.308,"Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.",2008-02-06 12:00:00.000,Metasploit
CVE-2008-0621,0.0,0.80831,"Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.",2008-02-06 12:00:00.000,Metasploit
CVE-2008-0655,0.0,0.95304,Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.,2008-02-07 21:00:00.000,EPSS/CISA
CVE-2008-0871,0.0,0.88773,Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service.,2008-02-21 19:44:00.000,Metasploit
CVE-2008-0926,0.0,0.34618,"The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.",2008-03-28 18:44:00.000,Metasploit
CVE-2008-0927,0.0,0.96755,dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values.  NOTE: this might be similar to CVE-2008-1777.,2008-04-14 16:05:00.000,EPSS
CVE-2008-0935,0.0,0.40953,Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.,2008-02-25 18:44:00.000,Metasploit
CVE-2008-0955,0.0,0.61511,Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.,2008-05-29 16:32:00.000,Metasploit
CVE-2008-0960,0.0,0.97056,"SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.",2008-06-10 18:32:00.000,EPSS
CVE-2008-1059,0.0,0.01493,PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.,2008-02-28 19:44:00.000,Nuclei
CVE-2008-1061,0.0,0.00697,"Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.",2008-02-28 19:44:00.000,Nuclei
CVE-2008-1105,0.0,0.97018,Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.,2008-05-29 16:32:00.000,EPSS
CVE-2008-1117,0.0,0.54817,"Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.",2008-03-14 20:44:00.000,Metasploit
CVE-2008-1289,0.0,0.96981,"Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.",2008-03-24 17:44:00.000,EPSS
CVE-2008-1309,0.0,0.95843,"The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.",2008-03-12 17:44:00.000,EPSS/Metasploit
CVE-2008-1311,0.0,0.60628,"The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '""' (quotation mark), or (3) ""<>"" (less than, greater than); or (4) a file with a long name.  NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.",2008-03-12 17:44:00.000,Metasploit
CVE-2008-1358,0.0,0.18659,Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.,2008-03-17 17:44:00.000,Metasploit
CVE-2008-1365,0.0,0.24341,"Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.",2008-03-17 22:44:00.000,Metasploit
CVE-2008-1446,0.0,0.96237,"Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka ""Integer Overflow in IPP Service Vulnerability.""",2008-10-15 00:12:15.553,EPSS
CVE-2008-1472,0.0,0.9258,"Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.",2008-03-24 22:44:00.000,Metasploit
CVE-2008-1491,0.0,0.75535,Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.,2008-03-25 19:44:00.000,Metasploit
CVE-2008-1544,0.0,0.95596,"The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.",2008-03-28 23:44:00.000,EPSS
CVE-2008-1547,0.0,0.03322,Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.,2008-10-21 01:18:01.927,Nuclei
CVE-2008-1562,0.0,0.01685,"The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.",2008-03-31 22:44:00.000,Metasploit
CVE-2008-1602,0.0,0.77753,"Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed.",2008-04-06 23:44:00.000,Metasploit
CVE-2008-1610,0.0,0.37684,Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.,2008-04-01 16:44:00.000,Metasploit
CVE-2008-1611,0.0,0.37684,Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.,2008-04-01 16:44:00.000,Metasploit
CVE-2008-1661,0.0,0.92847,Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.,2008-06-04 19:32:00.000,Metasploit
CVE-2008-1697,0.0,0.95571,"Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request.  NOTE: some of these details are obtained from third party information.",2008-04-08 17:05:00.000,EPSS/Metasploit
CVE-2008-1724,0.0,0.86371,Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.,2008-04-11 19:05:00.000,Metasploit
CVE-2008-1801,0.0,0.9586,Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field.,2008-05-12 16:20:00.000,EPSS
CVE-2008-1898,0.0,0.96709,"A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.",2008-04-21 17:05:00.000,EPSS/Metasploit
CVE-2008-2031,0.0,0.00798,"VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",2008-04-30 16:17:00.000,Metasploit
CVE-2008-2158,0.0,0.68522,Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.,2008-05-29 16:32:00.000,Metasploit
CVE-2008-2161,0.0,0.63764,"Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet.  NOTE: some of these details are obtained from third party information.",2008-05-12 22:20:00.000,Metasploit
CVE-2008-2240,0.0,0.97045,"Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.",2008-05-22 13:09:00.000,EPSS/Metasploit
CVE-2008-2245,0.0,0.95859,"Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.",2008-08-13 00:41:00.000,EPSS
CVE-2008-2247,0.0,0.96443,"Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.",2008-07-08 23:41:00.000,EPSS
CVE-2008-2248,0.0,0.96686,"Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.",2008-07-08 23:41:00.000,EPSS
CVE-2008-2281,0.0,0.95822,"Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.",2008-05-18 14:20:00.000,EPSS
CVE-2008-2286,0.0,0.32136,SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.,2008-05-18 14:20:00.000,Metasploit
CVE-2008-2398,0.0,0.00329,Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.,2008-05-21 13:24:00.000,Nuclei
CVE-2008-2439,0.0,0.0183,"Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request.  NOTE: some of these details are obtained from third party information.",2008-10-03 15:07:10.633,Metasploit
CVE-2008-2463,0.0,0.97123,"The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.",2008-07-07 23:41:00.000,EPSS/Metasploit
CVE-2008-2499,0.0,0.96806,"Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.",2008-05-29 16:32:00.000,EPSS/Metasploit
CVE-2008-2551,0.0,0.95679,"The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to ""run.""",2008-06-04 23:32:00.000,EPSS/Metasploit
CVE-2008-2639,0.0,0.82197,"Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.",2008-06-16 18:41:00.000,Metasploit
CVE-2008-2650,0.0,0.06344,"Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php.  NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.",2008-06-10 18:32:00.000,Nuclei
CVE-2008-2683,0.0,0.84404,"The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument.  NOTE: some of these details are obtained from third party information.",2008-06-12 12:21:00.000,Metasploit
CVE-2008-2703,0.0,0.88146,"Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via ""spoofed server responses"" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.",2008-06-13 19:41:00.000,Metasploit
CVE-2008-2789,0.0,0.01202,SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.,2008-06-20 11:48:00.000,Metasploit
CVE-2008-2905,0.0,0.28525,"PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.",2008-06-30 18:24:00.000,Metasploit
CVE-2008-2908,0.0,0.41034,"Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter.  NOTE: some of these details are obtained from third party information.",2008-06-30 18:24:00.000,Metasploit
CVE-2008-2938,0.0,0.97094,"Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.  NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",2008-08-13 00:41:00.000,EPSS
CVE-2008-2992,0.0,0.97176,"Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",2008-11-04 18:29:47.667,EPSS/CISA
CVE-2008-3004,0.0,0.96068,"Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the ""Excel Indexing Validation Vulnerability.""",2008-08-12 23:41:00.000,EPSS
CVE-2008-3008,0.0,0.95736,"Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka ""Windows Media Encoder Buffer Overrun Vulnerability.""",2008-09-11 01:11:47.057,EPSS/Metasploit
CVE-2008-3066,0.0,0.95635,"Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.",2008-07-28 17:41:00.000,EPSS
CVE-2008-3158,0.0,0.00084,"Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.",2008-07-11 22:41:00.000,Metasploit
CVE-2008-3257,0.0,0.94038,"Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after ""POST /.jsp"" in an HTTP request.",2008-07-22 16:41:00.000,Metasploit
CVE-2008-3263,0.0,0.9659,"The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.",2008-07-22 23:41:00.000,EPSS
CVE-2008-3431,0.0,0.00043,"The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.",2008-08-05 19:41:00.000,CISA
CVE-2008-3466,0.0,0.96939,"Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka ""HIS Command Execution Vulnerability.""",2008-10-15 00:12:15.740,EPSS/Metasploit
CVE-2008-3473,0.0,0.95593,"Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka ""Event Handling Cross-Domain Vulnerability.""",2008-10-15 00:12:15.803,EPSS
CVE-2008-3475,8.8,0.96556,"Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka ""Uninitialized Memory Corruption Vulnerability.""",2008-10-15 00:12:15.833,EPSS
CVE-2008-3476,0.0,0.95856,"Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka ""HTML Objects Memory Corruption Vulnerability.""",2008-10-15 00:12:15.863,EPSS
CVE-2008-3558,0.0,0.92462,Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.,2008-08-08 19:41:00.000,Metasploit
CVE-2008-3656,0.0,0.13074,"Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.",2008-08-13 01:41:00.000,Metasploit
CVE-2008-3704,0.0,0.96339,"Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not ""validating property values with boundary checks,"" as exploited in the wild in August 2008, aka ""Masked Edit Control Memory Corruption Vulnerability.""",2008-08-18 19:41:00.000,EPSS/Metasploit
CVE-2008-3878,0.0,0.90038,"Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method.",2008-09-02 15:41:00.000,Metasploit
CVE-2008-3922,0.0,0.96172,"awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.",2008-09-04 18:41:00.000,EPSS/Metasploit
CVE-2008-3979,0.0,0.97078,Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.  NOTE: the previous information was obtained from the January 2009 CPU.  Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.,2009-01-14 01:30:00.453,EPSS/Metasploit
CVE-2008-3982,0.0,0.94448,"Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984.",2008-10-14 21:11:11.020,Metasploit
CVE-2008-3983,0.0,0.95813,"Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.",2008-10-14 21:11:11.037,EPSS/Metasploit
CVE-2008-3984,0.0,0.95813,"Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983.",2008-10-14 21:11:11.050,EPSS/Metasploit
CVE-2008-3995,0.0,0.15534,"Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.",2008-10-14 21:11:11.287,Metasploit
CVE-2008-3996,0.0,0.1018,"Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.",2008-10-14 21:11:11.300,Metasploit
CVE-2008-4008,0.0,0.96969,"Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.",2008-10-14 21:11:11.487,EPSS/Metasploit
CVE-2008-4037,0.0,0.11592,"Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka ""SMB Credential Reflection Vulnerability.""  NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.",2008-11-12 23:30:02.807,Metasploit
CVE-2008-4065,0.0,0.96277,"Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka ""Stripped BOM characters bug.""",2008-09-24 20:37:04.703,EPSS
CVE-2008-4066,0.0,0.95277,"Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a ""jav&#56325ascript"" sequence, aka ""HTML escaped low surrogates bug.""",2008-09-24 20:37:04.737,EPSS
CVE-2008-4114,0.0,0.11136,"srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to ""insufficiently validating the buffer size,"" as demonstrated by a request to the \PIPE\lsarpc named pipe, aka ""SMB Validation Denial of Service Vulnerability.""",2008-09-16 23:00:01.430,Metasploit
CVE-2008-4193,0.0,0.84127,Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.,2008-09-24 11:42:25.297,Metasploit
CVE-2008-4250,0.0,0.97476,"The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka ""Server Service Vulnerability.""",2008-10-23 22:00:01.357,EPSS/Metasploit
CVE-2008-4254,0.0,0.96537,"Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the ""system state,"" aka ""Hierarchical FlexGrid Control Memory Corruption Vulnerability.""",2008-12-10 14:00:00.957,EPSS
CVE-2008-4255,0.0,0.96622,"Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an ""allocation error"" and memory corruption, aka ""Windows Common AVI Parsing Overflow Vulnerability.""",2008-12-10 14:00:00.970,EPSS
CVE-2008-4258,0.0,0.96051,"Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka ""Parameter Validation Memory Corruption Vulnerability.""",2008-12-10 14:00:01.017,EPSS
CVE-2008-4259,0.0,0.95998,"Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka ""HTML Objects Memory Corruption Vulnerability.""",2008-12-10 14:00:01.033,EPSS
CVE-2008-4265,0.0,0.95268,"Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka ""File Format Parsing Vulnerability.""",2008-12-10 14:00:01.097,EPSS
CVE-2008-4322,0.0,0.3027,"Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet.",2008-09-29 19:25:59.353,Metasploit
CVE-2008-4384,0.0,0.6114,"Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.",2008-10-07 20:00:17.280,Metasploit
CVE-2008-4385,0.0,0.72952,"Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.",2008-10-14 21:10:35.643,Metasploit
CVE-2008-4388,0.0,0.93687,"The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.",2009-01-20 16:30:00.313,Metasploit
CVE-2008-4397,0.0,0.89146,Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.,2008-10-14 21:10:35.677,Metasploit
CVE-2008-4449,0.0,0.83194,Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.,2008-10-06 19:56:53.003,Metasploit
CVE-2008-4556,0.0,0.80922,Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.,2008-10-14 22:36:58.633,Metasploit
CVE-2008-4572,0.0,0.4191,"GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.",2008-10-15 20:00:03.817,Metasploit
CVE-2008-4654,0.0,0.7535,Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.,2008-10-22 00:11:51.147,Metasploit
CVE-2008-4668,0.0,0.01018,Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.,2008-10-22 10:30:01.240,Nuclei
CVE-2008-4687,0.0,0.96409,"manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.",2008-10-22 18:00:01.207,EPSS/Metasploit
CVE-2008-4696,0.0,0.8561,"Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the ""optional fragment""), which is not properly escaped before storage in the History Search database (aka md.dat).",2008-10-23 22:00:01.433,Metasploit
CVE-2008-4764,0.0,0.02135,Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.,2008-10-28 02:03:38.003,Nuclei
CVE-2008-4779,0.0,0.4191,Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.,2008-10-29 14:22:38.383,Metasploit
CVE-2008-4828,0.0,0.95356,"Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified ""generic string handling function"" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.",2009-05-05 17:30:00.187,EPSS/Metasploit
CVE-2008-4830,0.0,0.34447,Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.,2009-04-16 15:12:57.297,Metasploit
CVE-2008-4844,0.0,0.97305,"Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.",2008-12-11 15:30:00.393,EPSS/Metasploit
CVE-2008-4922,0.0,0.66897,"Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.",2008-11-04 21:00:05.720,Metasploit
CVE-2008-5002,0.0,0.76734,Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method.  NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs.  NOTE: some of these details are obtained from third party information.,2008-11-10 14:12:56.047,Metasploit
CVE-2008-5036,0.0,0.97013,"Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c.  NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.",2008-11-10 22:18:34.490,EPSS/Metasploit
CVE-2008-5081,0.0,0.95378,"The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.",2008-12-17 02:30:00.187,EPSS/Metasploit
CVE-2008-5159,0.0,0.55994,"Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.",2008-11-18 21:30:00.627,Metasploit
CVE-2008-5161,0.0,0.12268,"Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.",2008-11-19 17:30:00.670,Metasploit
CVE-2008-5191,0.0,0.02002,Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.,2008-11-21 17:30:00.437,Metasploit
CVE-2008-5353,0.0,0.97074,"The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by ""deserializing Calendar objects"".",2008-12-05 11:30:00.533,EPSS/Metasploit
CVE-2008-5405,0.0,0.82866,"Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.",2008-12-10 06:44:42.173,Metasploit
CVE-2008-5416,0.0,0.96829,"Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka ""SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability.""",2008-12-10 14:00:01.207,EPSS
CVE-2008-5444,0.0,0.93369,"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449.",2009-01-14 01:30:00.717,Metasploit
CVE-2008-5448,0.0,0.97483,"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.",2009-01-14 01:30:00.733,EPSS/Metasploit
CVE-2008-5457,0.0,0.96815,"Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",2009-01-14 02:30:00.563,EPSS/Metasploit
CVE-2008-5492,0.0,0.89526,Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method.  NOTE: some of these details are obtained from third party information.,2008-12-12 16:30:00.813,Metasploit
CVE-2008-5499,0.0,0.96724,"Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.",2008-12-18 00:30:00.187,EPSS/Metasploit
CVE-2008-5587,0.0,0.02331,"Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.",2008-12-16 19:07:31.843,Nuclei
CVE-2008-5626,0.0,0.95709,"XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.",2008-12-17 17:30:00.500,EPSS
CVE-2008-5664,0.0,0.89826,"Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.",2008-12-19 01:52:02.437,Metasploit
CVE-2008-5666,0.0,0.11344,"WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid ""NLST -1"" command.",2008-12-19 01:52:02.483,Metasploit
CVE-2008-5711,0.0,0.30561,Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.,2008-12-24 18:29:15.827,Metasploit
CVE-2008-6080,0.0,0.03314,Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.,2009-02-06 11:30:00.377,Nuclei
CVE-2008-6082,0.0,0.86614,Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.,2009-02-06 11:30:00.407,Metasploit
CVE-2008-6132,0.0,0.82801,"Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.",2009-02-13 18:30:04.670,Metasploit
CVE-2008-6172,0.0,0.00509,"Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.",2009-02-19 16:30:00.407,Nuclei
CVE-2008-6222,0.0,0.01302,Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.,2009-02-20 21:30:01.517,Nuclei
CVE-2008-6465,0.0,0.00421,"Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.",2009-03-13 10:30:00.577,Nuclei
CVE-2008-6505,0.0,0.96606,"Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.",2009-03-23 14:19:12.453,EPSS
CVE-2008-6508,0.0,0.66546,"Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.",2009-03-23 20:00:00.203,Metasploit
CVE-2008-6668,0.0,0.00359,Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.,2009-04-08 10:30:00.280,Nuclei
CVE-2008-6825,0.0,0.09701,Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.,2009-06-05 21:30:00.187,Metasploit
CVE-2008-6829,0.0,0.00414,"VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a ""/\/"" (forward slash, backward slash, forward slash).  NOTE: this might be the same issue as CVE-2008-2031.",2009-06-08 19:30:00.250,Metasploit
CVE-2008-6898,0.0,0.82837,Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.,2009-08-05 22:30:00.407,Metasploit
CVE-2008-6938,0.0,0.05269,"Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.",2009-08-11 21:00:00.610,Metasploit
CVE-2008-6982,0.0,0.0038,Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.,2009-08-19 05:24:52.360,Nuclei
CVE-2008-7232,0.0,0.50522,Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.,2009-09-14 14:30:00.500,Metasploit
CVE-2008-7269,0.0,0.01544,Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.,2010-12-01 16:06:12.770,Nuclei
CVE-2009-0075,0.0,0.97393,"Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka ""Uninitialized Memory Corruption Vulnerability.""",2009-02-10 22:30:00.250,EPSS/Metasploit
CVE-2009-0093,0.0,0.97049,"Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the ""wpad"" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka ""DNS Server Vulnerability in WPAD Registration Vulnerability,"" a related issue to CVE-2007-1692.",2009-03-11 14:19:15.233,EPSS
CVE-2009-0094,0.0,0.96903,"The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) ""wpad"" and (2) ""isatap"" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka ""WPAD WINS Server Registration Vulnerability,"" a related issue to CVE-2007-1692.",2009-03-11 14:19:15.250,EPSS
CVE-2009-0133,0.0,0.05157,"Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long ""Index file"" field, possibly a related issue to CVE-2006-0564.",2009-01-15 17:30:00.703,Metasploit
CVE-2009-0183,0.0,0.77953,Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.,2009-02-03 19:30:00.250,Metasploit
CVE-2009-0184,0.0,0.67177,"Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.",2009-02-03 19:30:00.297,Metasploit
CVE-2009-0187,0.0,0.95696,"Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a ""Connecting"" log message.",2009-02-26 16:17:19.827,EPSS/Metasploit
CVE-2009-0215,0.0,0.92995,"Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.",2009-03-25 15:30:00.217,Metasploit
CVE-2009-0217,0.0,0.97281,"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.",2009-07-14 23:30:00.187,EPSS
CVE-2009-0255,7.5,0.02415,"The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.",2009-01-22 23:30:00.203,Metasploit
CVE-2009-0323,0.0,0.95159,"Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an ""HTML GI"" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable.  NOTE: these are different vectors than CVE-2008-6005.",2009-01-28 20:30:03.920,EPSS/Metasploit
CVE-2009-0347,0.0,0.10607,Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.,2009-01-29 19:30:00.377,Nuclei
CVE-2009-0376,0.0,0.95734,"Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin.",2009-02-08 21:30:09.813,EPSS
CVE-2009-0478,0.0,0.95142,"Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.",2009-02-08 22:30:00.360,EPSS
CVE-2009-0545,0.0,0.97081,cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.,2009-02-12 23:30:01.170,EPSS/Metasploit/Nuclei
CVE-2009-0546,0.0,0.86015,Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.,2009-02-12 23:30:01.187,Metasploit
CVE-2009-0553,0.0,0.96233,"Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka ""Uninitialized Memory Corruption Vulnerability.""",2009-04-15 08:00:00.670,EPSS
CVE-2009-0556,0.0,0.95005,"Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka ""Memory Corruption Vulnerability.""",2009-04-03 18:30:00.610,EPSS
CVE-2009-0557,0.0,0.96545,"Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka ""Object Record Corruption Vulnerability.""",2009-06-10 18:30:00.203,EPSS/CISA
CVE-2009-0559,0.0,0.96581,"Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka ""String Copy Stack-Based Overrun Vulnerability.""",2009-06-10 18:30:00.250,EPSS
CVE-2009-0560,0.0,0.95521,"Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka ""Field Sanitization Memory Corruption Vulnerability.""",2009-06-10 18:30:00.267,EPSS
CVE-2009-0563,0.0,0.73349,"Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka ""Word Buffer Overflow Vulnerability.""",2009-06-10 18:00:00.313,CISA
CVE-2009-0580,0.0,0.97121,"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",2009-06-05 16:00:00.233,EPSS/Metasploit
CVE-2009-0658,7.8,0.97208,"Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.",2009-02-20 19:30:00.390,EPSS
CVE-2009-0689,0.0,0.96997,"Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.",2009-07-01 13:00:01.360,EPSS
CVE-2009-0695,0.0,0.74149,"hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.",2012-06-19 20:55:02.630,Metasploit
CVE-2009-0696,0.0,0.96503,"The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.",2009-07-29 17:30:00.920,EPSS
CVE-2009-0815,0.0,0.18391,"The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.",2009-03-05 02:30:00.563,Metasploit
CVE-2009-0836,0.0,0.06735,"Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the ""Open/Execute a file"" action.",2009-03-10 20:30:06.577,Metasploit
CVE-2009-0837,0.0,0.58123,"Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the ""Open/Execute a file"" action.",2009-03-10 20:30:06.593,Metasploit
CVE-2009-0880,0.0,0.33045,Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.,2009-03-12 15:20:49.983,Metasploit
CVE-2009-0920,0.0,0.59139,"Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.",2009-03-25 01:30:00.500,Metasploit
CVE-2009-0927,0.0,0.97463,"Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.",2009-03-19 10:30:00.420,EPSS/CISA
CVE-2009-0932,0.0,0.04048,Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.,2009-03-17 21:30:00.313,Nuclei
CVE-2009-0950,0.0,0.96597,Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.,2009-06-02 18:30:00.267,EPSS/Metasploit
CVE-2009-0978,0.0,0.8181,"Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.",2009-04-15 10:30:00.420,Metasploit
CVE-2009-1028,0.0,0.73195,Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.,2009-03-20 00:30:00.657,Metasploit
CVE-2009-1072,0.0,0.96586,"nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.",2009-03-25 01:30:00.610,EPSS
CVE-2009-1123,0.0,0.00042,"The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka ""Windows Kernel Desktop Vulnerability.""",2009-06-10 18:30:00.327,CISA
CVE-2009-1136,0.0,0.96794,"The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka ""Office Web Components HTML Script Vulnerability.""",2009-07-15 15:30:01.360,EPSS/Metasploit
CVE-2009-1151,0.0,0.79939,Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.,2009-03-26 14:30:00.267,CISA/Metasploit/Nuclei
CVE-2009-1169,0.0,0.95984,The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.,2009-03-27 00:30:00.280,EPSS
CVE-2009-1185,0.0,0.00046,"udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.",2009-04-17 14:30:00.563,Metasploit
CVE-2009-1217,0.0,0.96499,"Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the ""Microsoft GdiPlus EMF GpFont.SetData integer overflow.""",2009-04-01 18:00:00.250,EPSS
CVE-2009-1252,0.0,0.96268,"Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.",2009-05-19 19:30:00.670,EPSS
CVE-2009-1260,0.0,0.88186,Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.,2009-04-07 23:30:00.327,Metasploit
CVE-2009-1350,0.0,0.96516,"Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.",2009-04-21 16:24:52.280,EPSS/Metasploit
CVE-2009-1386,0.0,0.06513,ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.,2009-06-04 16:30:00.313,Metasploit
CVE-2009-1394,0.0,0.92926,Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.,2009-06-26 18:30:00.780,Metasploit
CVE-2009-1429,0.0,0.97085,"The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.",2009-04-29 15:30:00.217,EPSS/Metasploit
CVE-2009-1430,0.0,0.97169,"Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.",2009-04-29 15:30:00.250,EPSS/Metasploit
CVE-2009-1431,0.0,0.95188,"XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.",2009-04-29 15:30:00.267,EPSS
CVE-2009-1492,0.0,0.96156,"The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.",2009-04-30 20:30:00.657,EPSS
CVE-2009-1496,0.0,0.01134,Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.,2009-05-01 16:30:00.233,Nuclei
CVE-2009-1534,0.0,0.94577,"Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka ""Office Web Components Buffer Overflow Vulnerability.""",2009-08-12 17:30:00.483,Metasploit
CVE-2009-1535,0.0,0.95298,"The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a ""/protected/"" initial pathname component to bypass the password protection on the protected\ folder, aka ""IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,"" a different vulnerability than CVE-2009-1122.",2009-06-10 14:30:00.170,EPSS
CVE-2009-1536,0.0,0.96838,"ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka ""Remote Unauthenticated Denial of Service in ASP.NET Vulnerability.""",2009-08-12 17:30:00.547,EPSS
CVE-2009-1546,0.0,0.95994,"Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka ""AVI Integer Overflow Vulnerability.""",2009-08-12 17:30:00.610,EPSS
CVE-2009-1547,0.0,0.95567,"Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka ""Data Stream Header Corruption Vulnerability.""",2009-10-14 10:30:00.937,EPSS
CVE-2009-1558,0.0,0.02293,Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.,2009-05-06 16:30:00.627,Nuclei
CVE-2009-1568,0.0,0.94956,"Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.",2009-12-08 23:30:00.233,Metasploit
CVE-2009-1569,0.0,0.95412,"Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time.",2009-12-08 23:30:00.280,EPSS/Metasploit
CVE-2009-1612,0.0,0.93551,"Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.",2009-05-11 20:30:00.250,Metasploit
CVE-2009-1641,0.0,0.474,Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file.,2009-05-15 15:30:00.313,Metasploit
CVE-2009-1831,0.0,0.94501,"The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.",2009-05-29 22:30:00.280,Metasploit
CVE-2009-1862,0.0,0.38928,"Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.",2009-07-23 20:30:00.233,CISA
CVE-2009-1872,0.0,0.32712,"Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.",2009-08-18 22:30:00.217,Nuclei
CVE-2009-1918,0.0,0.95449,"Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka ""HTML Objects Memory Corruption Vulnerability.""",2009-07-29 17:30:01.170,EPSS
CVE-2009-1943,0.0,0.90766,Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.,2009-06-05 21:30:00.203,Metasploit
CVE-2009-1977,0.0,0.84818,"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.",2009-07-14 23:30:00.517,Metasploit
CVE-2009-1978,0.0,0.82185,"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.",2009-07-14 23:30:00.530,Metasploit
CVE-2009-1979,0.0,0.96013,"Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the October 2009 CPU.  Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.",2009-10-22 18:30:00.390,EPSS/Metasploit
CVE-2009-2011,0.0,0.87918,"Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.",2009-06-16 21:00:00.390,Metasploit
CVE-2009-2015,0.0,0.01197,Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.,2009-06-09 19:30:00.250,Nuclei
CVE-2009-2055,0.0,0.00534,"Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.",2009-08-19 17:30:01.047,CISA
CVE-2009-2100,0.0,0.02365,Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.,2009-06-17 17:30:00.467,Nuclei
CVE-2009-2227,0.0,0.92994,Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.,2009-06-26 18:30:00.877,Metasploit
CVE-2009-2261,0.0,0.90658,"PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.",2009-06-30 10:30:21.937,Metasploit
CVE-2009-2265,0.0,0.97162,"Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.",2009-07-05 16:30:00.377,EPSS/Metasploit
CVE-2009-2288,0.0,0.96965,statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.,2009-07-01 13:00:01.827,EPSS/Metasploit
CVE-2009-2335,0.0,0.96947,"WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.  NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for ""user convenience.""",2009-07-10 21:00:00.203,EPSS/Metasploit
CVE-2009-2367,9.8,0.34557,"cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.",2009-07-08 15:30:01.377,Metasploit
CVE-2009-2477,0.0,0.96977,"js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.",2009-07-15 15:30:01.453,EPSS/Metasploit
CVE-2009-2484,0.0,0.96501,"Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.",2009-07-16 16:30:00.500,EPSS/Metasploit
CVE-2009-2485,0.0,0.95402,Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.,2009-07-16 16:30:00.517,EPSS/Metasploit
CVE-2009-2499,0.0,0.96252,"Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka ""Windows Media Playback Memory Corruption Vulnerability.""",2009-09-08 22:30:00.437,EPSS
CVE-2009-2511,0.0,0.96036,"Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka ""Integer Overflow in X.509 Object Identifiers Vulnerability.""",2009-10-14 10:30:01.517,EPSS
CVE-2009-2514,0.0,0.97075,"win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka ""Win32k EOT Parsing Vulnerability.""",2009-11-11 19:30:00.377,EPSS/Metasploit
CVE-2009-2521,0.0,0.97093,"Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka ""IIS FTP Service DoS Vulnerability.""",2009-09-04 10:30:01.907,EPSS/Metasploit
CVE-2009-2566,0.0,0.50845,"Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.",2009-07-21 22:30:00.907,Metasploit
CVE-2009-2650,0.0,0.96452,Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.,2009-07-30 19:30:00.483,EPSS/Metasploit
CVE-2009-2685,0.0,0.62324,Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.,2009-11-06 15:30:00.420,Metasploit
CVE-2009-2692,7.8,0.00047,"The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.",2009-08-14 15:16:27.500,Metasploit
CVE-2009-2727,0.0,0.95358,"Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.",2009-08-10 23:30:00.327,EPSS/Metasploit
CVE-2009-2753,0.0,0.95375,"Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.",2010-03-05 16:30:00.537,EPSS
CVE-2009-2754,0.0,0.95221,"Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.",2010-03-05 16:30:00.583,EPSS
CVE-2009-2765,0.0,0.97198,"httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.",2009-08-14 15:16:27.577,EPSS/Metasploit
CVE-2009-2855,0.0,0.96495,The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.,2009-08-18 21:00:00.640,EPSS
CVE-2009-2983,0.0,0.9532,"Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.",2009-10-19 22:30:00.313,EPSS
CVE-2009-2990,0.0,0.97304,"Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.",2009-10-19 22:30:00.483,EPSS/Metasploit
CVE-2009-3023,0.0,0.9691,"Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka ""IIS FTP Service RCE and DoS Vulnerability.""",2009-08-31 20:30:01.077,EPSS/Metasploit
CVE-2009-3028,0.0,0.70149,"The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.",2011-03-07 21:00:01.110,Metasploit
CVE-2009-3031,0.0,0.96049,"Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.",2009-11-03 16:30:10.077,EPSS/Metasploit
CVE-2009-3033,0.0,0.95988,"Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.",2009-11-25 16:30:00.750,EPSS/Metasploit
CVE-2009-3053,0.0,0.00509,"Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.",2009-09-03 17:30:10.187,Nuclei
CVE-2009-3068,0.0,0.97278,"Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.",2009-09-04 18:30:01.170,EPSS/Metasploit
CVE-2009-3103,0.0,0.9728,"Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka ""SMBv2 Negotiation Vulnerability."" NOTE: some of these details are obtained from third party information.",2009-09-08 22:30:00.517,EPSS
CVE-2009-3111,0.0,0.95514,"The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.",2009-09-09 18:30:00.860,EPSS
CVE-2009-3129,0.0,0.96889,"Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka ""Excel Featheader Record Memory Corruption Vulnerability.""",2009-11-11 19:30:00.530,EPSS/CISA/Metasploit
CVE-2009-3214,0.0,0.73343,"Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.",2009-09-16 17:30:00.657,Metasploit
CVE-2009-3318,0.0,0.01062,Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.,2009-09-23 12:08:35.360,Nuclei
CVE-2009-3429,0.0,0.95402,Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.,2009-09-25 22:30:16.327,EPSS/Metasploit
CVE-2009-3459,0.0,0.97291,"Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.",2009-10-13 10:30:00.577,EPSS
CVE-2009-3563,0.0,0.96493,"ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",2009-12-09 18:30:00.390,EPSS/Metasploit
CVE-2009-3591,0.0,0.29409,Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.,2009-10-08 17:30:00.297,Metasploit
CVE-2009-3672,0.0,0.78225,"Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka ""HTML Object Memory Corruption Vulnerability."" NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.",2009-12-02 11:30:00.453,Metasploit
CVE-2009-3676,0.0,0.95244,"The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka ""SMB Client Incomplete Response Vulnerability.""",2009-11-13 15:30:00.733,EPSS
CVE-2009-3693,0.0,0.90105,Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.,2009-10-13 10:30:00.717,Metasploit
CVE-2009-3699,0.0,0.72138,"Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.",2009-10-15 10:30:01.267,Metasploit
CVE-2009-3711,0.0,0.75346,"Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.",2009-10-16 16:30:01.000,Metasploit
CVE-2009-3733,0.0,0.95875,"Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.",2009-11-02 15:30:00.813,EPSS/Metasploit
CVE-2009-3837,0.0,0.68503,Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.,2009-11-02 15:30:00.937,Metasploit
CVE-2009-3844,0.0,0.96235,Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.,2009-12-08 23:30:00.327,EPSS/Metasploit
CVE-2009-3849,0.0,0.9671,"Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.",2009-12-10 22:30:00.517,EPSS/Metasploit
CVE-2009-3853,0.0,0.96754,"Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.",2009-11-04 15:30:00.670,EPSS/Metasploit
CVE-2009-3861,0.0,0.88066,"Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).",2009-11-04 17:30:00.343,Metasploit
CVE-2009-3867,0.0,0.94099,"Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.",2009-11-05 16:30:00.343,Metasploit
CVE-2009-3869,0.0,0.94943,"Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.",2009-11-05 16:30:00.390,Metasploit
CVE-2009-3953,0.0,0.97142,"The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration ""array boundary issue,"" a different vulnerability than CVE-2009-2994.",2010-01-13 19:30:00.343,EPSS/CISA/Metasploit
CVE-2009-3960,0.0,0.96812,"Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.",2010-02-15 18:30:00.407,EPSS/CISA/Metasploit
CVE-2009-3976,0.0,0.01273,Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).,2009-11-18 23:30:00.767,Metasploit
CVE-2009-3999,0.0,0.94962,Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.,2010-01-20 22:30:00.367,Metasploit
CVE-2009-4006,0.0,0.95385,"Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.",2009-11-20 11:30:00.297,EPSS/Metasploit
CVE-2009-4098,0.0,0.1283,"Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.",2009-11-29 13:08:29.343,Metasploit
CVE-2009-4140,0.0,0.97276,"Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.",2009-12-22 22:30:00.530,EPSS
CVE-2009-4146,0.0,0.00042,"The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.",2009-12-02 18:30:00.297,Metasploit
CVE-2009-4147,0.0,0.00042,"The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.",2009-12-02 19:30:00.217,Metasploit
CVE-2009-4178,0.0,0.96525,"Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.",2009-12-10 22:30:00.577,EPSS/Metasploit
CVE-2009-4179,0.0,0.95231,"Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.",2009-12-10 22:30:00.610,EPSS/Metasploit
CVE-2009-4195,0.0,0.96828,"Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.",2009-12-04 11:30:00.577,EPSS/Metasploit
CVE-2009-4202,0.0,0.02323,Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.,2009-12-04 19:30:00.547,Nuclei
CVE-2009-4223,0.0,0.00804,PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.,2009-12-07 17:30:00.500,Nuclei
CVE-2009-4225,0.0,0.93145,Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.,2009-12-08 18:30:00.233,Metasploit
CVE-2009-4265,0.0,0.95073,"Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.",2009-12-10 16:30:00.530,EPSS/Metasploit
CVE-2009-4324,0.0,0.96817,"Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",2009-12-15 02:30:00.217,EPSS/CISA
CVE-2009-4484,0.0,0.97172,"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.",2009-12-30 21:30:00.547,EPSS/Metasploit
CVE-2009-4498,0.0,0.63085,The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.,2009-12-31 18:30:01.627,Metasploit
CVE-2009-4502,0.0,0.92759,"The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen.  NOTE: this attack is limited to attacks from trusted IP addresses.",2009-12-31 18:30:01.797,Metasploit
CVE-2009-4588,0.0,0.93254,"Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386.  NOTE: some of these details are obtained from third party information.",2010-01-07 18:30:00.887,Metasploit
CVE-2009-4655,0.0,0.06744,"The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.",2010-02-26 18:30:00.447,Metasploit
CVE-2009-4656,0.0,0.42866,"Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string.  NOTE: some of these details are obtained from third party information.",2010-03-03 20:30:00.367,Metasploit
CVE-2009-4660,0.0,0.21471,Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.,2010-03-03 20:30:00.493,Metasploit
CVE-2009-4679,0.0,0.00826,Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-03-08 15:30:00.480,Nuclei
CVE-2009-4850,0.0,0.86242,The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.,2010-05-07 18:30:01.360,Metasploit
CVE-2009-4962,0.0,0.8688,Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file.  NOTE: some of these details are obtained from third party information.,2010-07-28 14:43:41.167,Metasploit
CVE-2009-4988,0.0,0.93899,Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.,2010-08-25 20:00:15.563,Metasploit
CVE-2009-5020,0.0,0.00253,Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.,2010-12-02 16:22:20.613,Nuclei
CVE-2009-5109,0.0,0.36304,Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.,2011-12-25 01:55:01.773,Metasploit
CVE-2009-5114,0.0,0.01122,Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.,2012-03-19 18:55:02.327,Nuclei
CVE-2010-0010,0.0,0.96198,Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.,2010-02-02 16:30:02.437,EPSS
CVE-2010-0017,0.0,0.00659,"Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka ""SMB Client Race Condition Vulnerability.""",2010-02-10 18:30:00.923,Metasploit
CVE-2010-0018,0.0,0.95406,"Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka ""Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability.""",2010-01-13 19:30:00.640,EPSS
CVE-2010-0027,0.0,0.95493,"The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka ""URL Validation Vulnerability.""",2010-01-22 22:00:00.350,EPSS
CVE-2010-0033,0.0,0.96687,"Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka ""PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability.""",2010-02-10 18:30:01.300,EPSS/Metasploit
CVE-2010-0049,0.0,0.95496,Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.,2010-03-15 14:15:32.043,EPSS
CVE-2010-0072,0.0,0.96304,"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a ""reverse lookup of connections"" to TCP port 10000.",2010-01-13 01:30:01.107,EPSS
CVE-2010-0094,0.0,0.9231,"Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.",2010-04-01 16:30:00.767,Metasploit
CVE-2010-0110,0.0,0.95111,"Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service.",2011-01-31 21:00:01.610,EPSS
CVE-2010-0111,0.0,0.30069,"HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.",2011-01-31 21:00:03.190,Metasploit
CVE-2010-0112,0.0,0.96475,"Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp.",2010-10-28 20:00:02.483,EPSS
CVE-2010-0157,0.0,0.23423,Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.,2010-01-06 22:00:12.450,Nuclei
CVE-2010-0188,0.0,0.97493,Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.,2010-02-22 13:00:02.127,EPSS/CISA/Metasploit
CVE-2010-0212,0.0,0.96508,"OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.",2010-07-28 12:48:51.683,EPSS
CVE-2010-0219,0.0,0.97452,"Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.",2010-10-18 17:00:03.457,EPSS/Nuclei
CVE-2010-0231,0.0,0.96353,"The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain ""duplicate values,"" and spoofing of an authentication token, aka ""SMB NTLM Authentication Lack of Entropy Vulnerability.""",2010-02-10 18:30:01.393,EPSS
CVE-2010-0232,0.0,0.00049,"The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka ""Windows Kernel Exception Handler Vulnerability.""",2010-01-21 19:30:00.900,CISA/Metasploit
CVE-2010-0248,0.0,0.97321,"Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""HTML Object Memory Corruption Vulnerability.""",2010-01-22 22:00:00.583,EPSS/Metasploit
CVE-2010-0249,8.8,0.96672,"Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka ""HTML Object Memory Corruption Vulnerability.""",2010-01-15 17:30:00.533,EPSS/Metasploit
CVE-2010-0266,0.0,0.97097,"Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka ""Microsoft Outlook SMB Attachment Vulnerability.""",2010-07-15 12:57:12.453,EPSS
CVE-2010-0356,0.0,0.8517,Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.,2010-01-18 19:30:00.650,Metasploit
CVE-2010-0361,0.0,0.9541,Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.,2010-01-20 16:30:00.587,EPSS/Metasploit
CVE-2010-0425,0.0,0.97311,"modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and ""orphaned callback pointers.""",2010-03-05 19:30:00.517,EPSS/Metasploit
CVE-2010-0442,0.0,0.95606,"The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an ""overflow.""",2010-02-02 18:30:00.360,EPSS
CVE-2010-0467,5.8,0.06955,Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.,2010-02-02 17:30:00.407,Nuclei
CVE-2010-0476,0.0,0.96055,"The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka ""SMB Client Response Parsing Vulnerability.""",2010-04-14 16:00:01.680,EPSS
CVE-2010-0478,0.0,0.96912,"Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka ""Media Services Stack-based Buffer Overflow Vulnerability.""",2010-04-14 16:00:01.757,EPSS/Metasploit
CVE-2010-0480,0.0,0.96645,"Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka ""MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability.""",2010-04-14 16:00:01.803,EPSS/Metasploit
CVE-2010-0483,0.0,0.97432,"vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka ""VBScript Help Keypress Vulnerability.""",2010-03-03 19:30:00.587,EPSS/Metasploit
CVE-2010-0679,0.0,0.75974,Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.,2010-02-22 21:30:00.483,Metasploit
CVE-2010-0688,0.0,0.93859,Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.,2010-03-19 20:30:00.453,Metasploit
CVE-2010-0696,0.0,0.57303,Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.,2010-02-23 18:30:00.717,Nuclei
CVE-2010-0738,0.0,0.97402,"The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.",2010-04-28 22:30:00.447,EPSS/CISA
CVE-2010-0740,0.0,0.95591,"The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information.",2010-03-26 18:30:00.467,EPSS
CVE-2010-0759,0.0,0.01569,"Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.",2010-02-27 00:30:00.883,Nuclei
CVE-2010-0805,0.0,0.97217,"The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka ""Memory Corruption Vulnerability.""",2010-03-31 19:30:00.577,EPSS/Metasploit
CVE-2010-0806,0.0,0.97308,"Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-03-10 22:30:01.323,EPSS/Metasploit
CVE-2010-0816,0.0,0.95764,"Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka ""Outlook Express and Windows Mail Integer Overflow Vulnerability.""",2010-05-12 11:46:51.000,EPSS
CVE-2010-0822,0.0,0.96942,"Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka ""Excel Object Stack Overflow Vulnerability.""",2010-06-08 20:30:01.990,EPSS/Metasploit
CVE-2010-0823,0.0,0.95887,"Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka ""Excel Memory Corruption Vulnerability,"" a different vulnerability than CVE-2010-1247 and CVE-2010-1249.",2010-06-08 20:30:02.023,EPSS
CVE-2010-0840,0.0,0.94408,"Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) ""a similar trust issue with interfaces,"" aka ""Trusted Methods Chaining Remote Code Execution Vulnerability.""",2010-04-01 16:30:00.907,CISA/Metasploit
CVE-2010-0842,0.0,0.96978,"Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the March 2010 CPU.  Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.",2010-04-01 16:30:00.953,EPSS/Metasploit
CVE-2010-0870,0.0,0.36048,"Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.",2010-04-13 22:30:00.947,Metasploit
CVE-2010-0886,0.0,0.7799,"Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",2010-04-20 19:30:00.333,Metasploit
CVE-2010-0899,0.0,0.97214,"Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906.",2010-07-13 22:30:01.750,EPSS
CVE-2010-0906,0.0,0.97214,"Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.",2010-07-13 22:30:01.983,EPSS
CVE-2010-0907,0.0,0.96836,"Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906.",2010-07-13 22:30:02.030,EPSS
CVE-2010-0926,0.0,0.03072,"The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.",2010-03-10 20:13:04.090,Metasploit
CVE-2010-0942,0.0,0.00477,Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-03-08 15:30:00.747,Nuclei
CVE-2010-0943,0.0,0.01155,Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.,2010-03-08 15:30:00.777,Nuclei
CVE-2010-0944,0.0,0.00477,Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-03-08 15:30:00.810,Nuclei
CVE-2010-0972,0.0,0.00813,Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-03-16 19:00:00.727,Nuclei
CVE-2010-0982,0.0,0.22262,Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-03-16 19:30:00.697,Nuclei
CVE-2010-0985,0.0,0.01222,Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-03-16 19:30:00.790,Nuclei
CVE-2010-1042,0.0,0.96898,"Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",2010-03-23 00:53:22.487,EPSS
CVE-2010-1056,0.0,0.06484,Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-03-23 17:30:00.627,Nuclei
CVE-2010-1081,0.0,0.37754,"Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.",2010-03-23 19:30:00.783,Nuclei
CVE-2010-1217,0.0,0.01155,"Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.",2010-03-30 23:30:00.563,Nuclei
CVE-2010-1219,0.0,0.00813,Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-03-30 23:30:00.657,Nuclei
CVE-2010-1249,0.0,0.95458,"Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka ""Excel Memory Corruption Vulnerability,"" a different vulnerability than CVE-2010-0823 and CVE-2010-1247.",2010-06-08 20:30:02.177,EPSS
CVE-2010-1250,0.0,0.95316,"Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka ""Excel EDG Memory Corruption Vulnerability.""",2010-06-08 20:30:02.210,EPSS
CVE-2010-1262,0.0,0.95064,"Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka ""Memory Corruption Vulnerability.""",2010-06-08 22:30:01.553,EPSS
CVE-2010-1264,0.0,0.96676,"Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka ""Sharepoint Help Page Denial of Service Vulnerability.""",2010-06-08 20:30:02.460,EPSS
CVE-2010-1297,0.0,0.35536,"Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.",2010-06-08 18:30:10.007,CISA
CVE-2010-1302,0.0,0.01204,Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.,2010-04-07 18:30:00.547,Nuclei
CVE-2010-1304,0.0,0.0045,Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-08 16:30:00.797,Nuclei
CVE-2010-1305,0.0,0.03203,"Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.",2010-04-08 16:30:00.843,Nuclei
CVE-2010-1306,0.0,0.01242,Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-04-08 16:30:00.877,Nuclei
CVE-2010-1307,0.0,0.01751,Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-08 16:30:00.907,Nuclei
CVE-2010-1308,0.0,0.01334,Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-08 16:30:00.937,Nuclei
CVE-2010-1312,0.0,0.01155,Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-08 20:30:00.420,Nuclei
CVE-2010-1313,0.0,0.0045,"Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.  NOTE: some of these details are obtained from third party information.",2010-04-08 20:30:00.467,Nuclei
CVE-2010-1314,0.0,0.00477,Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-04-08 20:30:00.563,Nuclei
CVE-2010-1315,0.0,0.0087,Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-04-08 20:30:00.593,Nuclei
CVE-2010-1318,0.0,0.93724,"Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.",2010-04-20 15:30:00.630,Metasploit
CVE-2010-1340,0.0,0.01155,Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-09 18:30:00.477,Nuclei
CVE-2010-1345,0.0,0.00477,Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-09 18:30:00.633,Nuclei
CVE-2010-1352,0.0,0.00477,Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-04-12 18:30:00.977,Nuclei
CVE-2010-1353,0.0,0.01751,Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.,2010-04-12 18:30:01.007,Nuclei
CVE-2010-1354,0.0,0.00477,Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.,2010-04-12 18:30:01.053,Nuclei
CVE-2010-1423,0.0,0.9307,"Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method.  NOTE: some of these details are obtained from third party information.",2010-04-15 21:30:00.290,Metasploit
CVE-2010-1428,0.0,0.00881,"The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.",2010-04-28 22:30:00.793,CISA/Metasploit
CVE-2010-1429,0.0,0.00573,"Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about ""deployed web contexts"" via a request to the status servlet, as demonstrated by a full=true query string.  NOTE: this issue exists because of a CVE-2008-3273 regression.",2010-04-28 22:30:00.840,Nuclei
CVE-2010-1461,0.0,0.00477,Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.,2010-04-16 19:30:00.570,Nuclei
CVE-2010-1465,0.0,0.49488,"Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response.",2010-04-16 19:30:00.680,Metasploit
CVE-2010-1469,0.0,0.00813,Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:00.710,Nuclei
CVE-2010-1470,0.0,0.04616,Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:00.743,Nuclei
CVE-2010-1471,0.0,0.05684,Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:00.790,Nuclei
CVE-2010-1472,0.0,0.05684,Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:00.820,Nuclei
CVE-2010-1473,0.0,0.00826,Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:00.850,Nuclei
CVE-2010-1474,0.0,0.01242,Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:00.883,Nuclei
CVE-2010-1475,0.0,0.01242,Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:00.913,Nuclei
CVE-2010-1476,0.0,0.03527,Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.,2010-04-19 19:30:00.947,Nuclei
CVE-2010-1478,0.0,0.00826,Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-19 19:30:01.007,Nuclei
CVE-2010-1491,0.0,0.00477,Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-23 14:30:01.243,Nuclei
CVE-2010-1494,0.0,0.01827,Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-23 14:30:01.370,Nuclei
CVE-2010-1495,0.0,0.04503,Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-23 14:30:01.417,Nuclei
CVE-2010-1527,0.0,0.94328,Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.,2010-08-23 22:00:02.000,Metasploit
CVE-2010-1531,0.0,0.01815,Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.,2010-04-26 18:30:00.630,Nuclei
CVE-2010-1532,0.0,0.00477,Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-26 18:30:00.660,Nuclei
CVE-2010-1533,0.0,0.00706,Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-26 18:30:00.690,Nuclei
CVE-2010-1534,0.0,0.01385,Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-04-26 18:30:00.723,Nuclei
CVE-2010-1535,0.0,0.00706,Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-26 18:30:00.753,Nuclei
CVE-2010-1540,0.0,0.0045,Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.  NOTE: some of these details are obtained from third party information.,2010-04-26 19:30:00.660,Nuclei
CVE-2010-1549,0.0,0.92882,Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.,2010-05-07 18:24:15.953,Metasploit
CVE-2010-1552,0.0,0.96709,"Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.",2010-05-13 17:30:02.343,EPSS/Metasploit
CVE-2010-1553,0.0,0.96709,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.",2010-05-13 17:30:02.377,EPSS/Metasploit
CVE-2010-1554,0.0,0.96749,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.",2010-05-13 17:30:02.407,EPSS/Metasploit
CVE-2010-1555,0.0,0.96709,"Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.",2010-05-13 17:30:02.437,EPSS/Metasploit
CVE-2010-1586,0.0,0.00917,Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.,2010-04-28 22:30:00.917,Nuclei
CVE-2010-1587,0.0,0.5908,"The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.",2010-04-28 22:30:00.947,Metasploit
CVE-2010-1601,0.0,0.01299,Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.,2010-04-29 17:30:00.590,Nuclei
CVE-2010-1602,0.0,0.03451,Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.650,Nuclei
CVE-2010-1603,0.0,0.03451,Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.683,Nuclei
CVE-2010-1607,0.0,0.01726,Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-04-29 17:30:00.807,Nuclei
CVE-2010-1653,0.0,0.03527,Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-05-03 13:51:53.057,Nuclei
CVE-2010-1657,0.0,0.01751,Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-03 13:51:53.183,Nuclei
CVE-2010-1658,0.0,0.01751,Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-03 13:51:53.247,Nuclei
CVE-2010-1659,0.0,0.01806,Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-03 13:51:53.277,Nuclei
CVE-2010-1681,0.0,0.74448,"Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.",2010-05-06 12:47:23.753,Metasploit
CVE-2010-1714,0.0,0.01751,Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-04 16:00:36.027,Nuclei
CVE-2010-1715,0.0,0.01242,Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-05-04 16:00:36.073,Nuclei
CVE-2010-1717,0.0,0.01733,Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-04 16:00:36.137,Nuclei
CVE-2010-1718,0.0,0.00826,Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-05-04 16:00:36.167,Nuclei
CVE-2010-1719,0.0,0.01671,Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-04 16:00:36.200,Nuclei
CVE-2010-1722,0.0,0.01242,Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-04 16:00:36.293,Nuclei
CVE-2010-1723,0.0,0.01956,Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-04 16:00:36.323,Nuclei
CVE-2010-1770,0.0,0.96474,"WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a ""type checking issue.""",2010-06-11 19:30:20.440,EPSS
CVE-2010-1799,0.0,0.40401,Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.,2010-08-16 18:39:40.467,Metasploit
CVE-2010-1818,0.0,0.97059,"The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.",2010-08-31 20:00:01.420,EPSS/Metasploit
CVE-2010-1858,0.0,0.01155,Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.,2010-05-07 20:30:01.377,Nuclei
CVE-2010-1870,0.0,0.08484,"The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the ""#"" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",2010-08-17 20:00:03.407,Metasploit/Nuclei
CVE-2010-1871,0.0,0.96767,"JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL.  NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.",2010-08-05 13:23:09.477,EPSS/CISA
CVE-2010-1875,0.0,0.01222,Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.,2010-05-12 11:46:12.643,Nuclei
CVE-2010-1878,0.0,0.00826,Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-12 11:46:12.737,Nuclei
CVE-2010-1885,0.0,0.97407,"The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka ""Help Center URL Validation Vulnerability.""",2010-06-15 14:04:23.530,EPSS/Metasploit
CVE-2010-1899,0.0,0.97061,"Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka ""IIS Repeated Parameter Request Denial of Service Vulnerability.""",2010-09-15 19:00:18.790,EPSS/Metasploit
CVE-2010-1939,0.0,0.95729,"Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.",2010-05-13 22:30:00.983,EPSS
CVE-2010-1952,0.0,0.01242,Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 12:07:52.477,Nuclei
CVE-2010-1953,0.0,0.05684,Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 12:07:52.507,Nuclei
CVE-2010-1954,0.0,0.05684,Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-05-19 12:07:52.570,Nuclei
CVE-2010-1955,0.0,0.01671,Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 12:07:52.647,Nuclei
CVE-2010-1956,0.0,0.06055,Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-05-19 12:07:52.727,Nuclei
CVE-2010-1957,0.0,0.01671,Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 12:07:52.820,Nuclei
CVE-2010-1960,0.0,0.84833,"Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.",2010-06-10 00:30:07.567,Metasploit
CVE-2010-1961,0.0,0.84833,"Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.",2010-06-10 00:30:07.613,Metasploit
CVE-2010-1964,0.0,0.96235,"Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.",2010-06-17 16:30:01.950,EPSS/Metasploit
CVE-2010-1977,0.0,0.00826,Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 20:00:01.270,Nuclei
CVE-2010-1979,0.0,0.00826,Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 20:00:01.333,Nuclei
CVE-2010-1980,0.0,0.02401,Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 20:00:01.397,Nuclei
CVE-2010-1981,0.0,0.00656,Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 20:00:01.427,Nuclei
CVE-2010-1982,0.0,0.00477,Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.,2010-05-19 20:00:01.457,Nuclei
CVE-2010-1983,0.0,0.01815,Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.  NOTE: some of these details are obtained from third party information.,2010-05-19 20:00:01.507,Nuclei
CVE-2010-2033,0.0,0.23423,Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 14:30:01.563,Nuclei
CVE-2010-2034,0.0,0.08973,Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 14:30:01.593,Nuclei
CVE-2010-2035,0.0,0.08973,Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 14:30:01.627,Nuclei
CVE-2010-2036,0.0,0.08973,Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 14:30:01.657,Nuclei
CVE-2010-2037,0.0,0.08973,Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 14:30:01.687,Nuclei
CVE-2010-2045,0.0,0.01671,Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.,2010-05-25 18:30:01.797,Nuclei
CVE-2010-2050,0.0,0.03527,Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 18:30:01.987,Nuclei
CVE-2010-2063,0.0,0.97159,Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.,2010-06-17 16:30:01.983,EPSS/Metasploit
CVE-2010-2075,0.0,0.64951,"UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.",2010-06-15 14:04:26.327,Metasploit
CVE-2010-2115,0.0,0.50091,SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.,2010-05-28 20:30:01.567,Metasploit
CVE-2010-2122,0.0,0.01806,Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-06-01 21:30:01.070,Nuclei
CVE-2010-2128,0.0,0.01242,Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.,2010-06-01 21:30:01.290,Nuclei
CVE-2010-2156,0.0,0.96675,ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.,2010-06-07 17:13:07.327,EPSS/Metasploit
CVE-2010-2259,0.0,0.01671,Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-06-09 20:30:29.663,Nuclei
CVE-2010-2263,0.0,0.02695,"nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.",2010-06-15 14:04:24.313,Metasploit
CVE-2010-2307,0.0,0.00917,"Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) ""//"" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.",2010-06-16 20:30:02.717,Nuclei
CVE-2010-2309,0.0,0.92197,Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.,2010-06-16 20:30:02.780,Metasploit
CVE-2010-2333,0.0,0.91424,LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.,2010-06-18 20:30:01.360,Metasploit
CVE-2010-2343,0.0,0.95104,"Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.",2010-06-21 15:30:03.007,EPSS/Metasploit
CVE-2010-2415,0.0,0.10213,"Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.",2010-10-14 02:00:02.337,Metasploit
CVE-2010-2426,0.0,0.0725,"Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via ""..//"" sequences in the xcrc command.",2010-06-24 12:17:45.170,Metasploit
CVE-2010-2507,0.0,0.01671,Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-06-28 20:30:01.140,Nuclei
CVE-2010-2550,0.0,0.9711,"The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka ""SMB Pool Overflow Vulnerability.""",2010-08-11 18:47:50.717,EPSS/Metasploit
CVE-2010-2556,0.0,0.95905,"Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-08-11 18:47:50.890,EPSS
CVE-2010-2557,0.0,0.95905,"Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-08-11 18:47:50.920,EPSS
CVE-2010-2559,0.0,0.95905,"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""Uninitialized Memory Corruption Vulnerability,"" a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.",2010-08-11 18:47:50.967,EPSS
CVE-2010-2560,0.0,0.95075,"Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""HTML Layout Memory Corruption Vulnerability.""",2010-08-11 18:47:51.000,EPSS
CVE-2010-2562,0.0,0.9693,"Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka ""Excel Memory Corruption Vulnerability.""",2010-08-11 18:47:51.063,EPSS
CVE-2010-2568,0.0,0.97165,"Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.",2010-07-22 05:43:49.703,EPSS/CISA
CVE-2010-2572,0.0,0.91353,"Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka ""PowerPoint Parsing Buffer Overflow Vulnerability.""",2010-11-10 03:00:01.850,CISA
CVE-2010-2573,0.0,0.95271,"Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka ""PowerPoint Integer Underflow Causes Heap Corruption Vulnerability.""",2010-11-10 03:00:01.897,EPSS
CVE-2010-2590,0.0,0.90761,Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.,2010-12-22 03:00:03.000,Metasploit
CVE-2010-2620,0.0,0.52413,"Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.",2010-07-02 20:30:01.677,Metasploit
CVE-2010-2680,0.0,0.00826,Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.,2010-07-12 13:27:27.923,Nuclei
CVE-2010-2682,0.0,0.00826,Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-07-12 13:27:28.097,Nuclei
CVE-2010-2703,0.0,0.96124,"Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.",2010-07-28 12:48:53.323,EPSS/Metasploit
CVE-2010-2709,0.0,0.96473,Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.,2010-08-05 18:17:57.573,EPSS/Metasploit
CVE-2010-2729,0.0,0.9708,"The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka ""Print Spooler Service Impersonation Vulnerability.""",2010-09-15 19:00:19.103,EPSS/Metasploit
CVE-2010-2731,0.0,0.24769,"Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka ""Directory Authentication Bypass Vulnerability.""",2010-09-15 19:00:19.260,Metasploit
CVE-2010-2743,0.0,0.00044,"The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka ""Win32k Keyboard Layout Vulnerability.""  NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.",2011-01-20 21:00:01.380,Metasploit
CVE-2010-2857,0.0,0.00826,Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.,2010-07-25 02:04:14.593,Nuclei
CVE-2010-2861,0.0,0.97078,"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.",2010-08-11 18:47:51.157,EPSS/CISA/Metasploit/Nuclei
CVE-2010-2883,0.0,0.59597,"Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.",2010-09-09 22:00:02.250,CISA
CVE-2010-2918,0.0,0.02847,PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.,2010-07-30 20:30:03.847,Nuclei
CVE-2010-2920,0.0,0.03527,Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.,2010-07-30 20:30:03.927,Nuclei
CVE-2010-3000,0.0,0.95085,Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.,2010-08-30 20:00:02.640,EPSS
CVE-2010-3007,0.0,0.92158,"Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.",2010-09-09 22:00:02.437,Metasploit
CVE-2010-3035,0.0,0.02424,"Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.",2010-08-30 21:00:12.203,CISA
CVE-2010-3072,0.0,0.9565,The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.,2010-09-20 21:00:02.597,EPSS
CVE-2010-3106,0.0,0.17464,"The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.",2010-08-23 22:00:03.393,Metasploit
CVE-2010-3138,0.0,0.97041,"Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka ""Indeo Codec Insecure Library Loading Vulnerability."" NOTE: some of these details are obtained from third party information.",2010-08-27 19:00:01.393,EPSS
CVE-2010-3145,0.0,0.9697,"Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka ""Backup Manager Insecure Library Loading Vulnerability.""",2010-08-27 19:00:02.160,EPSS
CVE-2010-3146,0.0,0.96227,"Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka ""Microsoft Groove Insecure Library Loading Vulnerability.""",2010-08-27 19:00:02.287,EPSS
CVE-2010-3189,0.0,0.95629,The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.,2010-08-31 20:00:02.107,EPSS/Metasploit
CVE-2010-3203,0.0,0.02108,Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.,2010-09-03 18:00:02.577,Nuclei
CVE-2010-3231,0.0,0.95321,"Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka ""Excel Record Parsing Memory Corruption Vulnerability.""",2010-10-13 19:00:45.493,EPSS
CVE-2010-3239,0.0,0.96541,"Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka ""Extra Out of Boundary Record Parsing Vulnerability.""",2010-10-13 19:00:46.010,EPSS
CVE-2010-3275,0.0,0.93759,"libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a ""dangling pointer vulnerability.""",2011-03-28 16:55:02.530,Metasploit
CVE-2010-3324,0.0,0.96144,"The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka ""HTML Sanitization Vulnerability,"" a different vulnerability than CVE-2010-1257.",2010-09-17 18:00:03.290,EPSS
CVE-2010-3326,0.0,0.95635,"Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-10-13 19:00:46.227,EPSS
CVE-2010-3329,0.0,0.96106,"mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-10-13 19:00:46.353,EPSS
CVE-2010-3331,0.0,0.95635,"Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-10-13 19:00:46.430,EPSS
CVE-2010-3332,0.0,0.96931,"Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka ""ASP.NET Padding Oracle Vulnerability.""",2010-09-22 19:00:06.213,EPSS
CVE-2010-3333,0.0,0.97312,"Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka ""RTF Stack Buffer Overflow Vulnerability.""",2010-11-10 03:00:02.087,EPSS/CISA/Metasploit
CVE-2010-3334,0.0,0.95365,"Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka ""Office Art Drawing Records Vulnerability.""",2010-11-10 03:00:02.133,EPSS
CVE-2010-3337,0.0,0.95801,"Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka ""Insecure Library Loading Vulnerability."" NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.",2010-11-10 03:00:02.257,EPSS
CVE-2010-3338,0.0,0.0022,"The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka ""Task Scheduler Vulnerability."" NOTE: this might overlap CVE-2010-3888.",2010-12-16 19:33:02.287,Metasploit
CVE-2010-3345,0.0,0.95621,"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""HTML Element Memory Corruption Vulnerability.""",2010-12-16 19:33:02.457,EPSS
CVE-2010-3346,0.0,0.95621,"Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka ""HTML Element Memory Corruption Vulnerability.""",2010-12-16 19:33:02.490,EPSS
CVE-2010-3407,0.0,0.93298,"Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.",2010-09-16 21:00:02.233,Metasploit
CVE-2010-3426,0.0,0.00826,Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-09-16 22:00:03.267,Nuclei
CVE-2010-3552,0.0,0.96625,"Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.",2010-10-19 22:00:02.893,EPSS/Metasploit
CVE-2010-3563,0.0,0.96294,"Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to ""how Web Start retrieves security policies,"" BasicServiceImpl, and forged policies that bypass sandbox restrictions.",2010-10-19 22:00:03.300,EPSS/Metasploit
CVE-2010-3585,0.0,0.97099,"Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the exposure of unspecified functions using XML-RPC.",2010-10-14 18:00:19.383,EPSS/Metasploit
CVE-2010-3600,0.0,0.97182,"Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.",2011-01-19 16:00:03.000,EPSS/Metasploit
CVE-2010-3653,0.0,0.86821,"The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.",2010-10-26 18:00:01.597,Metasploit
CVE-2010-3654,0.0,0.96917,"Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.",2010-10-29 19:00:02.060,EPSS/Metasploit
CVE-2010-3714,0.0,0.08517,"The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.",2010-10-25 20:01:04.473,Metasploit
CVE-2010-3747,0.0,0.95303,"An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.",2010-10-19 00:00:01.457,EPSS/Metasploit
CVE-2010-3765,0.0,0.96733,"Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.",2010-10-28 00:00:05.237,EPSS/Metasploit
CVE-2010-3856,0.0,0.00042,"ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.",2011-01-07 19:00:17.843,Metasploit
CVE-2010-3904,0.0,0.00088,"The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.",2010-12-06 20:13:00.513,CISA/Metasploit
CVE-2010-3962,0.0,0.97032,"Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an ""invalid flag reference"" issue or ""Uninitialized Memory Corruption Vulnerability,"" as exploited in the wild in November 2010.",2010-11-05 17:00:02.890,EPSS/Metasploit
CVE-2010-3964,0.0,0.97027,"Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka ""Malformed Request Code Execution Vulnerability.""",2010-12-16 19:33:03.367,EPSS/Metasploit
CVE-2010-3965,0.0,0.96151,"Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka ""Insecure Library Loading Vulnerability.""",2010-12-16 19:33:03.397,EPSS
CVE-2010-3966,0.0,0.96108,"Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka ""BranchCache Insecure Library Loading Vulnerability.""",2010-12-16 19:33:03.443,EPSS
CVE-2010-3967,0.0,0.96972,"Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka ""Insecure Library Loading Vulnerability.""",2010-12-16 19:33:03.473,EPSS
CVE-2010-3970,0.0,0.97344,"Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka ""Windows Shell Graphics Processing Overrun Vulnerability.""",2010-12-22 21:00:16.770,EPSS/Metasploit
CVE-2010-3971,0.0,0.97153,"Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka ""CSS Memory Corruption Vulnerability.""",2010-12-22 21:00:17.723,EPSS/Metasploit
CVE-2010-3972,0.0,0.96992,"Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka ""IIS FTP Service Heap Buffer Overrun Vulnerability."" NOTE: some of these details are obtained from third party information.",2010-12-23 18:00:02.557,EPSS/Metasploit
CVE-2010-3973,0.0,0.96934,"The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka ""Microsoft WMITools ActiveX Control Vulnerability.""",2010-12-23 18:00:03.150,EPSS/Metasploit
CVE-2010-3974,0.0,0.95166,"fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka ""Fax Cover Page Editor Memory Corruption Vulnerability.""",2011-04-13 18:55:00.890,EPSS
CVE-2010-4170,0.0,0.00058,"The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.",2010-12-07 22:00:02.437,Metasploit
CVE-2010-4221,0.0,0.96409,Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.,2010-11-09 21:00:06.383,EPSS
CVE-2010-4231,0.0,0.01615,Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.,2010-11-17 01:00:03.857,Nuclei
CVE-2010-4239,9.8,0.02675,Tiki Wiki CMS Groupware 5.2 has Local File Inclusion,2019-10-28 15:15:12.583,Nuclei
CVE-2010-4279,0.0,0.96357,"The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with ""admin"" in the loginhash_user parameter, in conjunction with the md5 hash of ""admin"" in the loginhash_data parameter.",2010-12-02 17:15:00.503,EPSS/Metasploit
CVE-2010-4282,0.0,0.0084,"Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.",2010-12-02 17:15:00.597,Nuclei
CVE-2010-4321,0.0,0.40597,"Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.",2010-12-30 19:00:04.517,Metasploit
CVE-2010-4323,0.0,0.95353,"Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.",2011-02-19 01:00:01.243,EPSS
CVE-2010-4335,0.0,0.91642,"The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.",2011-01-14 23:00:46.850,Metasploit
CVE-2010-4344,0.0,0.93069,"Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.",2010-12-14 16:00:04.163,CISA/Metasploit
CVE-2010-4345,0.0,0.00121,"Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.",2010-12-14 16:00:04.257,CISA/Metasploit
CVE-2010-4398,0.0,0.00043,"Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka ""Driver Improper Interaction with Windows Kernel Vulnerability.""",2010-12-06 13:44:54.863,CISA
CVE-2010-4417,0.0,0.81475,"Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.",2011-01-19 16:00:03.203,Metasploit
CVE-2010-4435,0.0,0.95419,"Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC.  NOTE: the previous information was obtained from the January 2011 CPU.  Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.",2011-01-19 17:00:02.123,EPSS
CVE-2010-4452,0.0,0.96452,"Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.",2011-02-17 19:00:01.260,EPSS/Metasploit
CVE-2010-4566,0.0,0.11685,"The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.",2011-01-14 23:00:47.207,Metasploit
CVE-2010-4617,0.0,0.00826,Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.,2010-12-29 22:33:32.633,Nuclei
CVE-2010-4701,0.0,0.9643,"Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.",2011-01-20 19:00:07.147,EPSS
CVE-2010-4719,0.0,0.04503,Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.,2011-02-01 23:00:03.437,Nuclei
CVE-2010-4740,0.0,0.56451,"Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message.",2011-02-16 03:00:03.633,Metasploit
CVE-2010-4741,0.0,0.33231,Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321.,2011-02-18 18:00:00.743,Metasploit
CVE-2010-4742,0.0,0.65423,Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.,2011-02-18 18:00:00.917,Metasploit
CVE-2010-4769,0.0,0.23423,Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.,2011-03-23 22:00:01.683,Nuclei
CVE-2010-4804,0.0,0.09736,"The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.",2011-06-09 10:36:27.617,Metasploit
CVE-2010-4977,0.0,0.0016,SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.,2011-11-01 22:55:04.023,Nuclei
CVE-2010-5028,0.0,0.00316,SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.,2011-11-02 21:55:16.997,Nuclei
CVE-2010-5081,0.0,0.32504,Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.,2011-12-25 01:55:01.817,Metasploit
CVE-2010-5193,0.0,0.94432,Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.,2012-08-31 21:55:00.980,Metasploit
CVE-2010-5278,0.0,0.06135,"Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.  NOTE: some of these details are obtained from third party information.",2012-10-07 20:55:00.907,Nuclei
CVE-2010-5286,0.0,0.08973,Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2012-11-26 23:55:01.300,Nuclei
CVE-2010-5299,0.0,0.7655,"Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file.  NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.",2014-05-23 00:55:03.350,Metasploit
CVE-2010-5324,0.0,0.82281,"Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.",2015-06-07 23:59:01.473,Metasploit
CVE-2010-5326,10.0,0.16132,"The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a ""Detour"" attack.",2016-05-13 10:59:00.173,CISA
CVE-2010-5330,0.0,0.02693,"On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.",2019-06-11 21:29:00.350,CISA
CVE-2011-0027,0.0,0.95723,"Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka ""ADO Record Memory Vulnerability.""  NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.",2011-01-12 01:00:01.887,EPSS
CVE-2011-0028,0.0,0.95608,"WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka ""WordPad Converter Parsing Vulnerability.""",2011-04-13 18:55:00.923,EPSS
CVE-2011-0029,0.0,0.95824,"Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka ""Remote Desktop Insecure Library Loading Vulnerability.""",2011-03-09 23:00:01.793,EPSS
CVE-2011-0038,0.0,0.95186,"Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka ""Internet Explorer Insecure Library Loading Vulnerability.""",2011-02-10 16:00:13.613,EPSS
CVE-2011-0041,0.0,0.95236,"Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka ""GDI+ Integer Overflow Vulnerability.""",2011-04-13 18:55:01.017,EPSS
CVE-2011-0049,0.0,0.8814,"Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.",2011-02-04 01:00:07.400,Metasploit/Nuclei
CVE-2011-0063,0.0,0.03979,"The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the ""extra"" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences.  NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.",2011-03-15 17:55:02.937,Metasploit
CVE-2011-0065,0.0,0.96905,"Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.",2011-05-07 18:55:00.997,EPSS
CVE-2011-0073,0.0,0.96482,"Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a ""dangling pointer.""",2011-05-07 18:55:01.293,EPSS/Metasploit
CVE-2011-0094,0.0,0.95766,"Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka ""Layouts Handling Memory Corruption Vulnerability.""",2011-04-13 18:55:01.047,EPSS
CVE-2011-0096,0.0,0.9705,"The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka ""MHTML Mime-Formatted Request Vulnerability.""",2011-01-31 20:00:49.173,EPSS
CVE-2011-0097,0.0,0.96558,"Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka ""Excel Integer Overrun Vulnerability.""",2011-04-13 18:55:01.080,EPSS
CVE-2011-0098,0.0,0.96558,"Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka ""Excel Heap Overflow Vulnerability.""",2011-04-13 18:55:01.127,EPSS
CVE-2011-0101,0.0,0.95869,"Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka ""Excel Record Parsing WriteAV Vulnerability.""",2011-04-13 18:55:01.157,EPSS
CVE-2011-0104,0.0,0.96303,"Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka ""Excel Buffer Overwrite Vulnerability.""",2011-04-13 18:55:01.220,EPSS
CVE-2011-0105,0.0,0.96762,"Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka ""Excel Data Initialization Vulnerability.""",2011-04-13 18:55:01.250,EPSS/Metasploit
CVE-2011-0257,0.0,0.9589,Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.,2011-08-15 21:55:01.270,EPSS/Metasploit
CVE-2011-0266,0.0,0.95358,"Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.",2011-01-13 19:00:05.447,EPSS/Metasploit
CVE-2011-0267,0.0,0.96665,"Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.",2011-01-13 19:00:05.493,EPSS/Metasploit
CVE-2011-0276,0.0,0.97066,"HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a ""hidden account"" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.",2011-02-02 01:00:06.533,EPSS/Metasploit
CVE-2011-0340,0.0,0.84078,"Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.",2011-05-04 22:55:01.467,Metasploit
CVE-2011-0404,0.0,0.92903,"Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.",2011-01-11 03:00:05.877,Metasploit
CVE-2011-0419,0.0,0.9672,"Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.",2011-05-16 17:55:02.387,EPSS
CVE-2011-0499,0.0,0.04334,"Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long ""name"" attribute.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",2011-01-20 19:00:09.880,Metasploit
CVE-2011-0500,0.0,0.02449,"Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long ""value"" attribute, as demonstrated using a valitem with the mp3 name.",2011-01-20 19:00:09.943,Metasploit
CVE-2011-0514,0.0,0.96661,The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.,2011-01-20 19:00:11.567,EPSS/Metasploit
CVE-2011-0517,0.0,0.96316,"Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.",2011-01-20 19:00:12.287,EPSS/Metasploit
CVE-2011-0518,0.0,0.52793,"Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php.",2011-01-20 19:00:12.333,Metasploit
CVE-2011-0531,0.0,0.96783,"demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to ""class mismatching"" and the MKV_IS_ID macro.",2011-02-07 21:00:16.697,EPSS/Metasploit
CVE-2011-0554,0.0,0.95625,"The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a ""code injection issue.""",2011-10-02 02:53:33.697,EPSS
CVE-2011-0609,0.0,0.97405,"Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.",2011-03-15 17:55:03.827,EPSS/CISA/Metasploit
CVE-2011-0611,8.8,0.97142,"Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a ""group of included constants,"" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.",2011-04-13 14:55:01.217,EPSS/CISA/Metasploit
CVE-2011-0647,0.0,0.96426,The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.,2011-02-10 18:00:59.083,EPSS/Metasploit
CVE-2011-0654,0.0,0.95178,"Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka ""Browser Pool Corruption Vulnerability."" NOTE: some of these details are obtained from third party information.",2011-02-16 01:00:02.617,EPSS/Metasploit
CVE-2011-0657,0.0,0.82596,"DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka ""DNS Query Vulnerability.""",2011-04-13 18:55:01.390,Metasploit
CVE-2011-0762,0.0,0.25271,"The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.",2011-03-02 20:00:01.770,Metasploit
CVE-2011-0807,0.0,0.96476,"Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.",2011-04-20 03:14:06.583,EPSS
CVE-2011-0922,0.0,0.95923,The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.,2011-02-09 01:00:09.667,EPSS/Metasploit
CVE-2011-0923,0.0,0.97183,"The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the ""local bin directory.""",2011-02-09 01:00:09.760,EPSS
CVE-2011-0951,0.0,0.01466,"The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.",2011-04-04 12:27:36.843,Metasploit
CVE-2011-0976,0.0,0.95106,"Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka ""OfficeArt Atom RCE Vulnerability.""",2011-02-10 19:00:01.753,EPSS
CVE-2011-0997,0.0,0.96946,"dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.",2011-04-08 15:17:27.387,EPSS
CVE-2011-1140,0.0,0.02073,"Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.",2011-03-03 01:00:01.457,Metasploit
CVE-2011-1220,0.0,0.974,"Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.",2011-06-02 20:55:02.637,EPSS/Metasploit
CVE-2011-1260,0.0,0.97335,"Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka ""Layout Memory Corruption Vulnerability.""",2011-06-16 20:55:01.853,EPSS/Metasploit
CVE-2011-1276,0.0,0.96351,"Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka ""Excel Buffer Overrun Vulnerability.""",2011-06-16 20:55:02.213,EPSS
CVE-2011-1485,0.0,0.00068,"Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.",2011-05-31 20:55:02.313,Metasploit
CVE-2011-1565,0.0,0.43442,Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.,2011-04-05 15:19:35.993,Metasploit
CVE-2011-1574,0.0,0.31184,Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.,2011-05-09 22:55:01.990,Metasploit
CVE-2011-1591,0.0,0.95077,Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.,2011-04-29 22:55:02.653,EPSS
CVE-2011-1653,0.0,0.9719,"Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.",2011-04-18 15:00:43.327,EPSS/Metasploit
CVE-2011-1655,0.0,0.9634,"The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.",2011-04-18 15:00:43.437,EPSS
CVE-2011-1669,0.0,0.02966,Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.,2011-04-10 02:51:20.167,Nuclei
CVE-2011-1774,0.0,0.96868,"WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site.  NOTE: this may overlap CVE-2011-1425.",2011-07-21 23:55:02.707,EPSS
CVE-2011-1823,0.0,0.00073,"The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.",2011-06-09 10:36:27.680,CISA
CVE-2011-1865,0.0,0.9549,Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.,2011-07-01 10:55:02.003,EPSS
CVE-2011-1871,0.0,0.95526,"Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka ""ICMP Denial of Service Vulnerability.""",2011-08-10 21:55:01.187,EPSS
CVE-2011-1889,0.0,0.6358,"The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka ""TMG Firewall Client Memory Corruption Vulnerability.""",2011-06-16 20:55:02.543,CISA
CVE-2011-1900,0.0,0.00579,Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.,2011-05-04 22:55:03.687,Metasploit
CVE-2011-1961,0.0,0.96408,"The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka ""Telnet Handler Remote Code Execution Vulnerability.""",2011-08-10 21:55:01.343,EPSS
CVE-2011-1968,0.0,0.95526,"The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka ""Remote Desktop Protocol Vulnerability.""",2011-08-10 21:55:01.767,EPSS
CVE-2011-1986,0.0,0.95213,"Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka ""Excel Use after Free WriteAV Vulnerability.""",2011-09-15 12:26:48.837,EPSS
CVE-2011-1987,0.0,0.95191,"Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka ""Excel Out of Bounds Array Indexing Vulnerability.""",2011-09-15 12:26:48.867,EPSS
CVE-2011-1988,0.0,0.95191,"Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka ""Excel Heap Corruption Vulnerability.""",2011-09-15 12:26:48.897,EPSS
CVE-2011-1990,0.0,0.95034,"Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka ""Excel Out of Bounds Array Indexing Vulnerability.""",2011-09-15 12:26:48.977,EPSS
CVE-2011-1991,0.0,0.96844,"Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka ""Windows Components Insecure Library Loading Vulnerability.""",2011-09-15 12:26:49.007,EPSS
CVE-2011-1996,0.0,0.94106,"Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""Option Element Remote Code Execution Vulnerability.""",2011-10-12 02:52:43.597,Metasploit
CVE-2011-1999,0.0,0.95279,"Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a ""dereferenced memory address,"" aka ""Select Element Remote Code Execution Vulnerability.""",2011-10-12 02:52:43.737,EPSS
CVE-2011-2005,0.0,0.00079,"afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka ""Ancillary Function Driver Elevation of Privilege Vulnerability.""",2011-10-12 02:52:43.910,CISA/Metasploit
CVE-2011-2007,0.0,0.95686,"Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka ""Endless Loop DoS in snabase.exe Vulnerability.""",2011-10-12 02:52:43.957,EPSS
CVE-2011-2039,0.0,0.78187,"The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.",2011-06-02 19:55:04.373,Metasploit
CVE-2011-2089,0.0,0.50753,Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.  NOTE: some of these details are obtained from third party information.,2011-05-13 17:05:45.643,Metasploit
CVE-2011-2110,0.0,0.97046,"Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.",2011-06-16 23:55:02.120,EPSS/Metasploit
CVE-2011-2140,0.0,0.92779,"Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.",2011-08-10 22:55:00.890,Metasploit
CVE-2011-2217,0.0,0.95776,"Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.",2011-06-06 19:55:03.800,EPSS/Metasploit
CVE-2011-2261,0.0,0.95519,"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.",2011-07-20 23:55:01.753,EPSS
CVE-2011-2371,0.0,0.95687,"Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.",2011-06-30 16:55:05.333,EPSS/Metasploit
CVE-2011-2386,0.0,0.91048,"VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.",2011-06-08 10:36:14.573,Metasploit
CVE-2011-2404,0.0,0.82643,"A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.",2011-08-11 22:55:01.037,Metasploit
CVE-2011-2462,0.0,0.97056,"Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",2011-12-07 19:55:01.673,EPSS/CISA/Metasploit
CVE-2011-2474,0.0,0.02371,Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.,2011-06-09 21:55:01.557,Metasploit
CVE-2011-2523,9.8,0.88312,vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.,2019-11-27 21:15:12.387,Nuclei
CVE-2011-2595,0.0,0.90421,Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.,2011-09-14 17:17:03.880,Metasploit
CVE-2011-2653,0.0,0.94128,Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.,2011-12-08 11:55:01.407,Metasploit
CVE-2011-2657,0.0,0.96512,"Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.",2012-07-26 22:55:01.090,EPSS/Metasploit
CVE-2011-2744,0.0,0.01541,Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.,2011-07-19 20:55:01.257,Nuclei
CVE-2011-2748,0.0,0.96324,"The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.",2011-08-15 21:55:02.737,EPSS
CVE-2011-2749,0.0,0.95199,"The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.",2011-08-15 21:55:02.800,EPSS
CVE-2011-2750,0.0,0.48524,NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.,2011-07-17 20:55:01.687,Metasploit
CVE-2011-2763,0.0,0.43559,The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.,2011-09-02 16:55:04.943,Metasploit
CVE-2011-2780,0.0,0.03327,"Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.",2011-07-19 21:55:00.837,Nuclei
CVE-2011-2882,0.0,0.9603,"Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.",2011-07-21 23:55:04.270,EPSS/Metasploit
CVE-2011-2921,9.8,0.26057,"ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.",2019-11-19 17:15:10.987,Metasploit
CVE-2011-2950,0.0,0.94412,Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.,2011-08-18 23:55:01.007,Metasploit
CVE-2011-3011,0.0,0.94798,"BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.",2011-08-15 19:55:04.737,Metasploit
CVE-2011-3167,0.0,0.95781,"Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.",2011-11-02 17:55:01.043,EPSS/Metasploit
CVE-2011-3175,0.0,0.97091,Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.,2012-04-09 20:55:01.820,EPSS/Metasploit
CVE-2011-3176,0.0,0.97091,Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.,2012-04-09 20:55:01.960,EPSS/Metasploit
CVE-2011-3192,0.0,0.96315,"The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.",2011-08-29 15:55:02.017,EPSS/Metasploit
CVE-2011-3200,0.0,0.15535,Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.,2011-09-06 16:55:10.837,Metasploit
CVE-2011-3230,0.0,0.93715,"Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.",2011-10-14 10:55:09.463,Metasploit
CVE-2011-3305,0.0,0.015,"Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.",2011-10-06 10:55:05.723,Metasploit
CVE-2011-3315,0.0,0.77848,"Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.",2011-10-27 21:55:00.823,Nuclei
CVE-2011-3322,0.0,0.95287,"Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.",2011-09-15 17:58:42.403,EPSS/Metasploit
CVE-2011-3360,0.0,0.97419,Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.,2011-09-20 10:55:04.813,EPSS/Metasploit
CVE-2011-3368,0.0,0.97402,"The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.",2011-10-05 22:55:02.643,EPSS/Metasploit
CVE-2011-3389,0.0,0.00854,"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a ""BEAST"" attack.",2011-09-06 19:55:03.197,Metasploit
CVE-2011-3397,0.0,0.95597,"The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified ""binary behavior"" in Internet Explorer, aka ""Microsoft Time Remote Code Execution Vulnerability.""",2011-12-14 00:55:01.417,EPSS
CVE-2011-3400,0.0,0.97018,"Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka ""OLE Property Vulnerability.""",2011-12-14 00:55:01.450,EPSS/Metasploit
CVE-2011-3402,0.0,0.96754,"Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka ""TrueType Font Parsing Vulnerability.""",2011-11-04 21:55:04.693,EPSS/Metasploit
CVE-2011-3403,0.0,0.95744,"Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka ""Record Memory Corruption Vulnerability.""",2011-12-14 00:55:01.527,EPSS
CVE-2011-3410,0.0,0.95414,"Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka ""Publisher Out-of-bounds Array Index Vulnerability.""",2011-12-14 00:55:01.667,EPSS
CVE-2011-3414,0.0,0.96649,"The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka ""Collisions in HashTable May Cause DoS Vulnerability.""",2011-12-30 01:55:01.017,EPSS
CVE-2011-3416,0.0,0.96418,"The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka ""ASP.Net Forms Authentication Bypass Vulnerability.""",2011-12-30 01:55:01.093,EPSS
CVE-2011-3486,0.0,0.64467,"Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.",2011-09-16 14:28:11.950,Metasploit
CVE-2011-3492,0.0,0.90122,Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.,2011-09-16 14:28:13.073,Metasploit
CVE-2011-3494,0.0,0.56326,"WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow.  NOTE: some of these details are obtained from third party information.",2011-09-16 14:28:13.137,Metasploit
CVE-2011-3497,0.0,0.22937,"service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.",2011-09-16 17:26:14.777,Metasploit
CVE-2011-3544,0.0,0.97216,"Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.",2011-10-19 21:55:01.097,EPSS/CISA/Metasploit
CVE-2011-3575,0.0,0.95318,Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.,2011-09-19 12:02:57.323,EPSS
CVE-2011-3587,0.0,0.96894,"Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.",2011-10-10 10:55:06.787,EPSS/Metasploit
CVE-2011-3658,0.0,0.95518,"The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.",2011-12-21 04:02:00.897,EPSS/Metasploit
CVE-2011-3659,0.0,0.91659,"Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.",2012-02-01 16:55:00.790,Metasploit
CVE-2011-3829,0.0,0.01198,"ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.",2012-01-29 04:04:44.343,Metasploit
CVE-2011-3833,0.0,0.01052,"Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.",2012-01-29 04:04:44.593,Metasploit
CVE-2011-3923,9.8,0.94953,Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.,2019-11-01 14:15:10.877,Metasploit
CVE-2011-3976,0.0,0.18056,"Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.",2011-10-04 10:55:10.427,Metasploit
CVE-2011-4040,0.0,0.64415,Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.,2011-11-21 11:55:03.227,Metasploit
CVE-2011-4044,0.0,0.31394,"An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.",2012-04-03 03:44:36.023,Metasploit
CVE-2011-4050,0.0,0.04577,Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.,2011-12-27 04:01:39.607,Metasploit
CVE-2011-4051,0.0,0.44828,"CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.",2011-12-05 11:55:06.600,Metasploit
CVE-2011-4063,0.0,0.96549,"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.",2011-10-21 10:55:03.927,EPSS
CVE-2011-4075,0.0,0.36379,"The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.",2011-11-02 17:55:01.387,Metasploit
CVE-2011-4166,0.0,0.9597,Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.,2011-12-27 04:01:39.670,EPSS/Metasploit
CVE-2011-4336,6.1,0.00255,"Tiki Wiki CMS Groupware 7.0 has XSS via the GET ""ajax"" parameter to snarf_ajax.php.",2020-01-15 14:15:11.433,Nuclei
CVE-2011-4350,6.5,0.17412,Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.,2019-11-26 05:15:14.537,Metasploit
CVE-2011-4404,0.0,0.96627,"The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.",2011-11-19 03:58:55.760,EPSS/Metasploit
CVE-2011-4451,0.0,0.01626,"libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request.  NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter",2012-09-05 20:55:01.240,Metasploit
CVE-2011-4453,0.0,0.90132,"The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.",2011-12-22 15:29:20.357,Metasploit
CVE-2011-4535,0.0,0.5126,"Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.",2012-04-03 03:44:36.117,Metasploit
CVE-2011-4542,0.0,0.75988,Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.,2011-11-30 04:05:58.747,Metasploit
CVE-2011-4618,0.0,0.01913,Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.,2013-01-24 01:55:02.003,Nuclei
CVE-2011-4624,0.0,0.00446,Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.,2014-10-01 14:55:09.323,Nuclei
CVE-2011-4640,0.0,0.06306,Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.,2012-10-08 10:47:44.980,Nuclei
CVE-2011-4642,0.0,0.01653,"mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.",2012-01-03 11:55:03.690,Metasploit
CVE-2011-4722,0.0,0.0938,Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.,2014-12-28 02:59:00.047,Metasploit
CVE-2011-4723,0.0,0.00566,"The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.",2011-12-20 11:55:08.413,CISA
CVE-2011-4786,0.0,0.93311,"A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.",2012-01-12 19:55:00.810,Metasploit
CVE-2011-4789,0.0,0.90167,"Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet.  NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that ""the vulnerable product is actually HP LoadRunner.""",2012-01-13 04:14:38.910,Metasploit
CVE-2011-4804,0.0,0.44913,Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2011-12-14 00:55:04.810,Nuclei
CVE-2011-4825,0.0,0.96927,"Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.",2011-12-15 03:57:34.667,EPSS/Metasploit
CVE-2011-4828,0.0,0.95098,"Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.",2011-12-15 03:57:34.777,EPSS/Metasploit
CVE-2011-4858,0.0,0.65134,"Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",2012-01-05 19:55:01.033,Metasploit
CVE-2011-4862,0.0,0.96787,"Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.",2011-12-25 01:55:02.210,EPSS
CVE-2011-4885,0.0,0.87474,"PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",2011-12-30 01:55:01.563,Metasploit
CVE-2011-4908,9.8,0.61272,TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.,2020-02-12 22:15:12.457,Metasploit
CVE-2011-4926,0.0,0.01792,Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.,2012-08-29 04:39:40.707,Nuclei
CVE-2011-4929,0.0,0.96346,Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.,2012-10-08 18:55:01.057,EPSS/Metasploit
CVE-2011-4971,0.0,0.0662,"Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.",2013-12-12 18:55:03.897,Metasploit
CVE-2011-5001,0.0,0.9481,Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.,2011-12-25 01:55:02.773,Metasploit
CVE-2011-5003,0.0,0.91097,Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.,2011-12-25 01:55:03.007,Metasploit
CVE-2011-5007,0.0,0.83466,"Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.",2011-12-25 01:55:04.647,Metasploit
CVE-2011-5010,0.0,0.82428,"apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a ""u"" action.",2011-12-25 01:55:04.773,Metasploit
CVE-2011-5034,0.0,0.0119,"Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.  NOTE: this might overlap CVE-2011-4461.",2011-12-30 01:55:01.610,Metasploit
CVE-2011-5035,0.0,0.02522,"Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.",2011-12-30 01:55:01.640,Metasploit
CVE-2011-5052,0.0,0.04684,Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.,2012-01-04 19:55:02.473,Metasploit
CVE-2011-5106,0.0,0.00434,Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.,2012-08-23 20:55:02.327,Nuclei
CVE-2011-5107,0.0,0.00231,"Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.",2012-08-23 20:55:02.373,Nuclei
CVE-2011-5124,0.0,0.49045,"Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).",2012-08-26 19:55:01.793,Metasploit
CVE-2011-5130,0.0,0.76972,"dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.",2012-08-30 22:55:03.983,Metasploit
CVE-2011-5164,0.0,0.13604,Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.,2012-09-15 17:55:04.660,Metasploit
CVE-2011-5165,0.0,0.4745,"Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.",2012-09-15 17:55:04.707,Metasploit
CVE-2011-5170,0.0,0.93544,Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 allows remote attackers to execute arbitrary code via a long track name in an m3u playlist.,2012-09-15 17:55:05.380,Metasploit
CVE-2011-5171,0.0,0.93065,Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.,2012-09-15 17:55:05.440,Metasploit
CVE-2011-5179,0.0,0.00231,"Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.",2012-09-20 10:55:23.710,Nuclei
CVE-2011-5181,0.0,0.00431,Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.  NOTE: some of these details are obtained from third party information.,2012-09-20 10:55:26.773,Nuclei
CVE-2011-5227,0.0,0.9071,Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.,2012-10-25 17:55:06.217,Metasploit
CVE-2011-5252,0.0,0.0201,"Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.",2013-01-12 04:33:48.993,Nuclei
CVE-2011-5265,0.0,0.00478,Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.  NOTE: this has been disputed by a third party.,2013-02-12 20:55:04.200,Nuclei
CVE-2012-0003,0.0,0.97323,"Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka ""MIDI Remote Code Execution Vulnerability.""",2012-01-10 21:55:03.727,EPSS/Metasploit
CVE-2012-0007,0.0,0.96992,"The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka ""AntiXSS Library Bypass Vulnerability.""",2012-01-10 21:55:03.930,EPSS
CVE-2012-0009,0.0,0.9703,"Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka ""Object Packager Insecure Executable Launching Vulnerability.""",2012-01-10 21:55:03.977,EPSS
CVE-2012-0011,0.0,0.96504,"Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""HTML Layout Remote Code Execution Vulnerability.""",2012-02-14 22:55:01.033,EPSS
CVE-2012-0012,0.0,0.95711,"Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka ""Null Byte Information Disclosure Vulnerability.""",2012-02-14 22:55:01.113,EPSS
CVE-2012-0013,0.0,0.97055,"Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka ""Assembly Execution Vulnerability.""",2012-01-10 21:55:04.010,EPSS/Metasploit
CVE-2012-0017,0.0,0.95346,"Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka ""XSS in inplview.aspx Vulnerability.""",2012-02-14 22:55:01.363,EPSS
CVE-2012-0124,0.0,0.92613,Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.,2012-03-14 03:28:49.687,Metasploit
CVE-2012-0127,0.0,0.95087,Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.,2012-03-31 14:55:00.940,EPSS
CVE-2012-0144,0.0,0.95346,"Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka ""XSS in themeweb.aspx Vulnerability.""",2012-02-14 22:55:01.817,EPSS
CVE-2012-0145,0.0,0.95346,"Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka ""XSS in wizardlist.aspx Vulnerability.""",2012-02-14 22:55:01.863,EPSS
CVE-2012-0151,0.0,0.94199,"The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka ""WinVerifyTrust Signature Validation Vulnerability.""",2012-04-10 21:55:01.597,CISA
CVE-2012-0155,0.0,0.96504,"Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""VML Remote Code Execution Vulnerability.""",2012-02-14 22:55:02.113,EPSS
CVE-2012-0158,0.0,0.9731,"The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers ""system state"" corruption, as exploited in the wild in April 2012, aka ""MSCOMCTL.OCX RCE Vulnerability.""",2012-04-10 21:55:01.687,EPSS/CISA/Metasploit
CVE-2012-0171,0.0,0.95952,"Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""SelectAll Remote Code Execution Vulnerability.""",2012-04-10 21:55:01.970,EPSS
CVE-2012-0185,0.0,0.95171,"Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka ""Excel MergeCells Record Heap Overflow Vulnerability.""",2012-05-09 00:55:01.943,EPSS
CVE-2012-0198,0.0,0.9554,Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.,2012-03-06 04:18:03.063,EPSS/Metasploit
CVE-2012-0201,0.0,0.93023,Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.,2012-03-02 11:55:00.853,Metasploit
CVE-2012-0202,0.0,0.9679,Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.,2012-05-04 16:55:01.137,EPSS/Metasploit
CVE-2012-0209,0.0,0.89621,"Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.",2012-09-25 22:55:00.753,Metasploit
CVE-2012-0217,0.0,0.00055,"The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application.  NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.",2012-06-12 22:55:01.343,Metasploit
CVE-2012-0261,0.0,0.87175,license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.,2013-12-31 20:55:04.133,Metasploit
CVE-2012-0262,0.0,0.90946,op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.,2013-12-31 20:55:15.040,Metasploit
CVE-2012-0266,0.0,0.93646,"Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.",2012-01-15 03:55:13.060,Metasploit
CVE-2012-0267,0.0,0.93,The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.,2012-01-15 03:55:13.107,Metasploit
CVE-2012-0270,0.0,0.94757,Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.,2014-02-17 16:55:07.883,Metasploit
CVE-2012-0284,0.0,0.96793,Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).,2012-07-19 15:55:02.673,EPSS
CVE-2012-0297,0.0,0.97269,"The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.",2012-05-21 20:55:17.727,EPSS
CVE-2012-0299,0.0,0.96974,"The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.",2012-05-21 20:55:17.837,EPSS/Metasploit
CVE-2012-0391,0.0,0.30838,"The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.",2012-01-08 15:55:01.217,CISA/Metasploit
CVE-2012-0392,0.0,0.96151,"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.",2012-01-08 15:55:01.373,EPSS/Nuclei
CVE-2012-0394,0.0,0.93787,"The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors.  NOTE: the vendor characterizes this behavior as not ""a security vulnerability itself.",2012-01-08 15:55:01.467,Metasploit/Nuclei
CVE-2012-0419,0.0,0.9649,Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.,2012-09-28 10:40:20.880,EPSS/Metasploit
CVE-2012-0432,0.0,0.938,Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.,2012-12-25 12:13:04.207,Metasploit
CVE-2012-0439,0.0,0.96711,An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.,2013-02-24 04:37:19.907,EPSS/Metasploit
CVE-2012-0500,0.0,0.17802,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.",2012-02-15 22:55:01.067,Metasploit
CVE-2012-0507,0.0,0.96756,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency.  NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions.  NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.",2012-06-07 22:55:17.883,EPSS/CISA/Metasploit
CVE-2012-0518,0.0,0.00475,"Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175.",2012-10-16 23:55:03.087,CISA
CVE-2012-0549,0.0,0.95531,"Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.",2012-05-03 18:55:01.513,EPSS/Metasploit
CVE-2012-0663,0.0,0.96769,Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.,2012-05-16 10:12:56.990,EPSS/Metasploit
CVE-2012-0694,9.8,0.93557,"SugarCRM CE <= 6.3.1 contains scripts that use ""unserialize()"" with user controlled input which allows remote attackers to execute arbitrary PHP code.",2019-10-29 21:15:10.747,Metasploit
CVE-2012-0708,0.0,0.96098,"Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.",2012-04-22 18:55:03.750,EPSS/Metasploit
CVE-2012-0754,0.0,0.97334,"Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",2012-02-16 19:55:01.130,EPSS/CISA/Metasploit
CVE-2012-0767,0.0,0.00278,"Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Universal XSS (UXSS),"" as exploited in the wild in February 2012.",2012-02-16 19:55:01.303,CISA
CVE-2012-0779,0.0,0.73516,"Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an ""object confusion vulnerability,"" as exploited in the wild in May 2012.",2012-05-04 19:55:04.263,Metasploit
CVE-2012-0870,0.0,0.96076,"Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.",2012-02-23 12:33:55.407,EPSS
CVE-2012-0896,0.0,0.01844,Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.,2012-01-20 17:55:01.910,Nuclei
CVE-2012-0897,0.0,0.94502,Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.,2012-01-20 17:55:02.017,Metasploit
CVE-2012-0901,0.0,0.00223,Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.,2012-01-20 17:55:02.330,Nuclei
CVE-2012-0911,9.8,0.94684,"TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.",2012-07-12 19:55:03.530,Metasploit
CVE-2012-0938,0.0,0.00787,"Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/.  NOTE: some of these details are obtained from third party information.",2014-08-14 14:55:04.617,Metasploit
CVE-2012-0942,0.0,0.96489,Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.,2012-04-17 04:26:07.667,EPSS
CVE-2012-0981,0.0,0.01277,Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.  NOTE: Some of these details are obtained from third party information.,2012-02-02 17:55:01.677,Nuclei
CVE-2012-0991,0.0,0.72743,"Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.",2012-02-07 21:55:03.547,Nuclei
CVE-2012-0996,0.0,0.02876,Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.,2012-02-24 13:55:02.733,Nuclei
CVE-2012-1153,0.0,0.93357,"Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.",2012-10-06 21:55:03.770,Metasploit
CVE-2012-1182,0.0,0.7008,"The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.",2012-04-10 21:55:02.203,Metasploit
CVE-2012-1184,0.0,0.9691,Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.,2012-09-18 18:55:04.270,EPSS
CVE-2012-1195,0.0,0.68845,"Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.",2012-02-18 00:55:02.543,Metasploit
CVE-2012-1196,0.0,0.35198,Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.,2012-02-18 00:55:02.590,Metasploit
CVE-2012-1226,0.0,0.09636,Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.,2012-02-21 13:31:47.830,Nuclei
CVE-2012-1420,0.0,0.97018,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.130,EPSS
CVE-2012-1421,0.0,0.97212,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.177,EPSS
CVE-2012-1422,0.0,0.9709,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.253,EPSS
CVE-2012-1423,0.0,0.96195,"The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.317,EPSS
CVE-2012-1424,0.0,0.9727,"The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.347,EPSS
CVE-2012-1425,0.0,0.97402,"The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.397,EPSS
CVE-2012-1426,0.0,0.96663,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \42\5A\68 character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.443,EPSS
CVE-2012-1427,0.0,0.96885,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.473,EPSS
CVE-2012-1428,0.0,0.96885,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.520,EPSS
CVE-2012-1429,0.0,0.97429,"The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.550,EPSS
CVE-2012-1430,0.0,0.97271,"The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.583,EPSS
CVE-2012-1431,0.0,0.97214,"The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.630,EPSS
CVE-2012-1432,0.0,0.97161,"The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.660,EPSS
CVE-2012-1433,0.0,0.97161,"The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.693,EPSS
CVE-2012-1435,0.0,0.97161,"The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.770,EPSS
CVE-2012-1436,0.0,0.97161,"The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.800,EPSS
CVE-2012-1439,0.0,0.97423,"The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.927,EPSS
CVE-2012-1440,0.0,0.96169,"The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.957,EPSS
CVE-2012-1442,0.0,0.97457,"The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.037,EPSS
CVE-2012-1443,0.0,0.97468,"The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",2012-03-21 10:11:48.083,EPSS
CVE-2012-1444,0.0,0.95144,"The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abiversion field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.130,EPSS
CVE-2012-1445,0.0,0.97423,"The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.207,EPSS
CVE-2012-1446,0.0,0.97338,"The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.270,EPSS
CVE-2012-1447,0.0,0.9527,"The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.333,EPSS
CVE-2012-1448,0.0,0.96501,"The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.613,EPSS
CVE-2012-1450,0.0,0.96274,"The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.693,EPSS
CVE-2012-1452,0.0,0.96533,"The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.770,EPSS
CVE-2012-1453,0.0,0.97462,"The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.847,EPSS
CVE-2012-1454,0.0,0.97432,"The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:49.160,EPSS
CVE-2012-1456,0.0,0.97179,"The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.240,EPSS
CVE-2012-1457,0.0,0.97397,"The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.287,EPSS
CVE-2012-1459,0.0,0.97481,"The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.597,EPSS
CVE-2012-1460,0.0,0.96716,"The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.",2012-03-21 10:11:49.630,EPSS
CVE-2012-1461,0.0,0.97285,"The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.",2012-03-21 10:11:49.677,EPSS
CVE-2012-1462,0.0,0.96015,"The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.",2012-03-21 10:11:49.707,EPSS
CVE-2012-1463,0.0,0.97312,"The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:49.740,EPSS
CVE-2012-1493,0.0,0.46586,"F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.",2012-07-09 22:55:00.887,Metasploit
CVE-2012-1495,9.8,0.97001,install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.,2020-01-27 15:15:11.027,EPSS/Metasploit
CVE-2012-1527,0.0,0.96736,"Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka ""Windows Briefcase Integer Underflow Vulnerability.""",2012-11-14 00:55:01.060,EPSS
CVE-2012-1528,0.0,0.96769,"Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka ""Windows Briefcase Integer Overflow Vulnerability.""",2012-11-14 00:55:01.107,EPSS
CVE-2012-1533,0.0,0.5052,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.",2012-10-16 21:55:01.307,Metasploit
CVE-2012-1535,0.0,0.93285,"Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.",2012-08-15 10:31:40.677,CISA/Metasploit
CVE-2012-1573,0.0,0.95566,"gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.",2012-03-26 19:55:01.390,EPSS
CVE-2012-1675,0.0,0.97368,"The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka ""TNS Poison.""",2012-05-08 22:55:01.010,EPSS/Metasploit
CVE-2012-1710,0.0,0.94846,"Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.",2012-05-03 22:55:02.967,CISA
CVE-2012-1723,0.0,0.97082,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",2012-06-16 21:55:03.500,EPSS/CISA/Metasploit
CVE-2012-1775,0.0,0.9646,Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.,2012-03-19 16:55:01.123,EPSS/Metasploit
CVE-2012-1803,0.0,0.00721,"RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.",2012-04-28 00:55:01.203,Metasploit
CVE-2012-1823,0.0,0.97309,"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.",2012-05-11 10:15:48.043,EPSS/CISA/Metasploit/Nuclei
CVE-2012-1835,0.0,0.00919,"Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.",2012-08-14 21:55:00.923,Nuclei
CVE-2012-1856,0.0,0.92375,"The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka ""MSCOMCTL.OCX RCE Vulnerability.""",2012-08-15 01:55:01.490,CISA
CVE-2012-1858,0.0,0.95285,"The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka ""HTML Sanitization Vulnerability.""",2012-06-12 22:55:01.547,EPSS
CVE-2012-1875,0.0,0.97049,"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka ""Same ID Property Remote Code Execution Vulnerability.""",2012-06-12 22:55:01.907,EPSS/Metasploit
CVE-2012-1876,0.0,0.97017,"Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka ""Col Element Remote Code Execution Vulnerability,"" as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.",2012-06-12 22:55:01.937,EPSS/Metasploit
CVE-2012-1885,0.0,0.95318,"Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka ""Excel SerAuxErrBar Heap Overflow Vulnerability.""",2012-11-14 00:55:01.247,EPSS
CVE-2012-1889,0.0,0.97499,"Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.",2012-06-13 04:46:46.190,EPSS/CISA/Metasploit
CVE-2012-1923,0.0,0.95987,"RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.",2012-04-17 04:26:07.917,EPSS
CVE-2012-2019,0.0,0.94634,"Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.",2012-07-11 04:54:29.490,Metasploit
CVE-2012-2020,0.0,0.94634,"Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.",2012-07-11 04:54:29.537,Metasploit
CVE-2012-2034,0.0,0.01424,"Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.",2012-06-09 00:55:00.987,CISA
CVE-2012-2122,0.0,0.9681,"sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.",2012-06-26 18:55:05.083,EPSS/Metasploit
CVE-2012-2174,0.0,0.96951,The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.,2012-06-20 10:27:28.363,EPSS/Metasploit
CVE-2012-2175,0.0,0.97008,Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.,2012-06-20 10:27:28.397,EPSS/Metasploit
CVE-2012-2176,0.0,0.76578,Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.,2012-05-25 20:55:01.743,Metasploit
CVE-2012-2288,0.0,0.94347,"Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.",2012-09-04 11:04:48.967,Metasploit
CVE-2012-2329,0.0,0.60554,Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.,2012-05-11 10:15:48.263,Metasploit
CVE-2012-2371,0.0,0.01099,Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.,2012-08-13 20:55:04.740,Nuclei
CVE-2012-2415,0.0,0.95463,"Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.",2012-04-30 20:55:02.657,EPSS
CVE-2012-2515,0.0,0.90991,"Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.",2012-07-05 03:23:18.480,Metasploit
CVE-2012-2516,0.0,0.90124,"An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a ""command injection vulnerability.""",2012-07-05 03:23:18.527,Metasploit
CVE-2012-2539,0.0,0.78204,"Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka ""Word RTF 'listoverridecount' Remote Code Execution Vulnerability.""",2012-12-12 00:55:01.060,CISA
CVE-2012-2611,0.0,0.94993,"The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.",2012-05-15 04:21:43.547,Metasploit
CVE-2012-2626,0.0,0.81299,"cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.",2012-07-31 10:45:41.357,Metasploit
CVE-2012-2686,0.0,0.18334,crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.,2013-02-08 19:55:00.890,Metasploit
CVE-2012-2763,0.0,0.96525,"Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.",2012-07-12 19:55:06.297,EPSS/Metasploit
CVE-2012-2915,0.0,0.92996,Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.,2012-05-21 18:55:07.540,Metasploit
CVE-2012-2926,9.1,0.45862,"Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.",2012-05-22 15:55:02.853,Metasploit
CVE-2012-2948,0.0,0.96044,chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.,2012-06-02 15:55:01.027,EPSS
CVE-2012-2953,0.0,0.95937,The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.,2012-07-23 17:55:03.497,EPSS/Metasploit
CVE-2012-2957,0.0,0.95523,"The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a ""file inclusion"" issue.",2012-07-23 17:55:03.547,EPSS
CVE-2012-2962,0.0,0.97452,SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.,2012-07-30 22:55:03.020,EPSS/Metasploit
CVE-2012-2982,0.0,0.97295,"file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.",2012-09-11 18:55:01.237,EPSS/Metasploit
CVE-2012-2983,0.0,0.01702,"file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.",2012-09-11 18:55:01.283,Metasploit
CVE-2012-3001,0.0,0.20168,"Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a ""command injection vulnerability.""",2012-10-22 16:55:01.210,Metasploit
CVE-2012-3152,0.0,0.97369,"Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.  NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions.  NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.",2012-10-16 23:55:03.823,EPSS/CISA/Metasploit
CVE-2012-3153,0.0,0.95986,"Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet.  NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions.  NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file.",2012-10-16 23:55:03.870,EPSS/Metasploit/Nuclei
CVE-2012-3260,0.0,0.10724,"Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1462.",2012-09-25 11:07:46.753,Metasploit
CVE-2012-3261,0.0,0.10724,"Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.",2012-09-25 11:07:46.860,Metasploit
CVE-2012-3274,0.0,0.90113,Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.,2012-12-06 11:45:47.310,Metasploit
CVE-2012-3399,0.0,0.9506,Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.,2012-07-12 19:55:06.390,EPSS/Metasploit
CVE-2012-3485,0.0,0.00223,"Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.",2012-08-26 19:55:02.043,Metasploit
CVE-2012-3569,0.0,0.96477,"Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.",2012-11-14 12:30:59.257,EPSS
CVE-2012-3579,0.0,0.22352,"Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.",2012-08-29 10:56:40.143,Metasploit
CVE-2012-3752,0.0,0.97021,Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.,2012-11-09 19:55:01.380,EPSS/Metasploit
CVE-2012-3753,0.0,0.97211,Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.,2012-11-09 19:55:01.427,EPSS/Metasploit
CVE-2012-3811,0.0,0.92147,Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.,2012-07-03 19:55:04.663,Metasploit
CVE-2012-3815,0.0,0.79622,Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824.  NOTE: some of these details are obtained from third party information.,2012-06-27 21:55:05.957,Metasploit
CVE-2012-3951,0.0,0.7949,"The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.",2012-07-31 10:45:42.763,Metasploit
CVE-2012-3993,0.0,0.01467,"The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an ""XrayWrapper pollution"" issue.",2012-10-10 17:55:02.050,Metasploit
CVE-2012-4031,0.0,0.22013,Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.,2012-07-17 21:55:02.397,Metasploit
CVE-2012-4032,0.0,0.00663,Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.,2012-07-17 21:55:02.583,Nuclei
CVE-2012-4177,0.0,0.85318,The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.,2012-08-07 20:55:04.327,Metasploit
CVE-2012-4242,0.0,0.00216,Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.,2012-10-01 23:55:01.440,Nuclei
CVE-2012-4253,0.0,0.01162,"Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.",2012-08-13 18:55:05.740,Nuclei
CVE-2012-4273,0.0,0.00252,Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.,2012-08-13 22:55:01.567,Nuclei
CVE-2012-4284,9.8,0.05453,"A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code",2020-01-10 20:15:14.320,Metasploit
CVE-2012-4333,0.0,0.61173,Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter.  NOTE: some of these details are obtained from third party information.,2012-08-14 22:55:02.567,Metasploit
CVE-2012-4347,0.0,0.90957,Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.,2012-12-05 11:57:14.850,Metasploit
CVE-2012-4356,0.0,0.02325,"Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.",2012-08-19 20:55:01.863,Metasploit
CVE-2012-4361,0.0,0.24674,lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.,2012-08-20 22:55:01.503,Metasploit
CVE-2012-4547,0.0,0.0023,Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.,2012-10-31 10:50:32.123,Nuclei
CVE-2012-4554,0.0,0.16602,The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.,2012-11-11 13:00:55.900,Metasploit
CVE-2012-4598,0.0,0.93401,"An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.",2012-08-22 10:42:05.523,Metasploit
CVE-2012-4681,0.0,0.97525,"Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using ""reflection with a trusted immediate caller"" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.",2012-08-28 00:55:01.860,EPSS/CISA/Metasploit
CVE-2012-4705,0.0,0.67257,Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.,2013-02-24 11:48:21.063,Metasploit
CVE-2012-4711,0.0,0.85057,"Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted packet.",2013-02-15 12:09:27.820,Metasploit
CVE-2012-4768,0.0,0.00825,Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.,2014-09-04 14:55:09.960,Nuclei
CVE-2012-4792,0.0,0.91568,"Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.",2012-12-30 18:55:01.477,Metasploit
CVE-2012-4869,0.0,0.36239,"The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.",2012-09-06 17:55:02.300,Metasploit
CVE-2012-4876,0.0,0.88338,Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.,2012-09-06 21:55:03.207,Metasploit
CVE-2012-4878,0.0,0.00328,Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.,2012-09-06 21:55:03.330,Nuclei
CVE-2012-4889,0.0,0.03526,"Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.",2012-09-10 22:55:07.413,Nuclei
CVE-2012-4914,0.0,0.81029,Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.,2013-01-26 23:55:01.103,Metasploit
CVE-2012-4915,0.0,0.91112,Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.,2014-05-29 14:19:06.487,Metasploit
CVE-2012-4924,0.0,0.94215,Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.,2012-09-15 17:55:07.473,Metasploit
CVE-2012-4933,0.0,0.97115,"The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.",2012-10-20 18:55:01.303,EPSS
CVE-2012-4940,0.0,0.12986,"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.",2012-10-31 19:55:00.983,Metasploit/Nuclei
CVE-2012-4956,0.0,0.10796,Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.,2012-11-18 19:55:01.337,Metasploit
CVE-2012-4957,0.0,0.95431,Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.,2012-11-18 19:55:01.417,EPSS/Metasploit
CVE-2012-4958,0.0,0.94779,Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.,2012-11-18 19:55:01.463,Metasploit
CVE-2012-4959,0.0,0.75557,Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.,2012-11-18 19:55:01.510,Metasploit
CVE-2012-4969,0.0,0.82122,"Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.",2012-09-18 10:39:14.147,CISA/Metasploit
CVE-2012-4982,0.0,0.00357,Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.,2012-12-05 11:57:15.210,Nuclei
CVE-2012-5002,0.0,0.61423,"Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.",2012-09-19 19:55:09.233,Metasploit
CVE-2012-5054,0.0,0.43303,Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.,2012-09-24 17:55:07.217,CISA
CVE-2012-5076,0.0,0.96866,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.",2012-10-16 21:55:02.073,EPSS/CISA
CVE-2012-5081,0.0,0.04214,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.",2012-10-16 21:55:02.260,Metasploit
CVE-2012-5088,0.0,0.91681,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",2012-10-16 21:55:02.540,Metasploit
CVE-2012-5159,0.0,0.92505,"phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.",2012-09-25 22:55:00.813,Metasploit
CVE-2012-5192,0.0,0.04171,"Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via ""''%2F"" (dot dot encoded slash) sequences in the overlay_type parameter.",2014-01-28 00:55:03.800,Metasploit
CVE-2012-5201,0.0,0.78443,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.",2013-03-09 11:55:01.360,Metasploit
CVE-2012-5202,0.0,0.71572,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1612.",2013-03-09 11:55:01.367,Metasploit
CVE-2012-5203,0.0,0.71572,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1613.",2013-03-09 11:55:01.377,Metasploit
CVE-2012-5204,0.0,0.71572,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1614.",2013-03-09 11:55:01.387,Metasploit
CVE-2012-5223,0.0,0.91296,"The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via ""complex curly syntax"" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.",2012-10-01 20:55:03.987,Metasploit
CVE-2012-5321,0.0,0.01708,"tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka ""frame injection.""",2012-10-08 18:55:01.370,Nuclei
CVE-2012-5357,0.0,0.96676,"Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.",2017-10-30 14:29:00.220,EPSS/Metasploit
CVE-2012-5519,0.0,0.00119,"CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.",2012-11-20 00:55:01.337,Metasploit
CVE-2012-5525,0.0,0.00178,The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.,2012-12-13 11:53:49.167,Metasploit
CVE-2012-5612,0.0,0.96147,"Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.",2012-12-03 12:49:43.597,EPSS
CVE-2012-5613,0.0,0.96437,"MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.",2012-12-03 12:49:43.643,EPSS
CVE-2012-5643,0.0,0.96362,"Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.",2012-12-20 12:02:19.840,EPSS
CVE-2012-5687,0.0,0.02952,Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.,2012-11-01 10:44:47.843,Metasploit
CVE-2012-5691,0.0,0.81676,Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.,2012-12-19 11:55:56.500,Metasploit
CVE-2012-5692,0.0,0.95629,Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.,2012-10-31 10:50:32.560,EPSS/Metasploit
CVE-2012-5896,0.0,0.66148,"The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an ""uninitialized pointer.""",2012-11-17 21:55:04.500,Metasploit
CVE-2012-5913,0.0,0.01861,Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.,2012-11-17 21:55:06.063,Nuclei
CVE-2012-5932,0.0,0.79933,Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.,2012-12-24 18:55:02.430,Metasploit
CVE-2012-5945,0.0,0.95298,Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.,2013-04-30 03:33:29.703,EPSS
CVE-2012-5946,0.0,0.96277,Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.,2013-04-30 03:33:41.970,EPSS/Metasploit
CVE-2012-5958,0.0,0.97414,"Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.",2013-01-31 21:55:01.037,EPSS
CVE-2012-5959,0.0,0.94609,"Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.",2013-01-31 21:55:01.083,Metasploit
CVE-2012-5975,0.0,0.6008,"The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.",2012-12-04 23:55:00.973,Metasploit
CVE-2012-6066,0.0,0.24863,"freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.",2012-12-04 23:55:01.033,Metasploit
CVE-2012-6081,0.0,0.95472,"Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.",2013-01-03 01:55:04.483,EPSS/Metasploit
CVE-2012-6096,0.0,0.96792,"Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.",2013-01-22 23:55:03.247,EPSS/Metasploit
CVE-2012-6274,0.0,0.92469,"BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.",2013-02-24 11:48:21.330,Metasploit
CVE-2012-6275,0.0,0.92936,Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.,2013-02-24 11:48:21.377,Metasploit
CVE-2012-6301,0.0,0.04559,The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.,2012-12-10 20:55:01.217,Metasploit
CVE-2012-6315,0.0,0.00198,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2013-0209.  Reason: This candidate is a reservation duplicate of CVE-2013-0209.  Notes: All CVE users should reference CVE-2013-0209 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage,2013-01-23 01:55:00.730,Metasploit
CVE-2012-6499,0.0,0.03575,Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.,2013-01-12 04:33:49.197,Nuclei
CVE-2012-6530,0.0,0.85479,"Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.",2013-01-31 05:44:00.947,Metasploit
CVE-2012-6554,0.0,0.89178,"functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.",2013-05-23 15:55:01.687,Metasploit
CVE-2012-6636,0.0,0.04057,"The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.",2014-03-03 04:50:46.173,Metasploit
CVE-2012-6663,7.5,0.01467,General Electric D20ME devices are not properly configured and reveal plaintext passwords.,2020-01-23 22:15:09.873,Metasploit
CVE-2012-6664,0.0,0.13312,Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.,2024-06-21 22:15:09.767,Metasploit
CVE-2013-0006,0.0,0.95278,"Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka ""MSXML Integer Truncation Vulnerability.""",2013-01-09 18:09:40.163,EPSS
CVE-2013-0008,0.0,0.00079,"win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka ""Win32k Improper Message Handling Vulnerability.""",2013-01-09 18:09:40.320,Metasploit
CVE-2013-0025,0.0,0.97278,"Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka ""Internet Explorer SLayoutRun Use After Free Vulnerability.""",2013-02-13 12:04:12.040,EPSS/Metasploit
CVE-2013-0074,0.0,0.96215,"Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka ""Silverlight Double Dereference Vulnerability.""",2013-03-13 00:55:01.137,EPSS/CISA/Metasploit
CVE-2013-0080,0.0,0.95337,"Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka ""Callback Function Vulnerability.""",2013-03-13 00:55:01.183,EPSS
CVE-2013-0083,0.0,0.95886,"Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka ""SharePoint XSS Vulnerability.""",2013-03-13 00:55:01.200,EPSS
CVE-2013-0108,0.0,0.67604,"An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.",2013-02-24 11:48:21.407,Metasploit
CVE-2013-0109,0.0,0.00065,"The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.",2013-04-08 16:55:01.977,Metasploit
CVE-2013-0156,0.0,0.97253,"active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.",2013-01-13 22:55:00.947,EPSS
CVE-2013-0209,0.0,0.11596,"lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code.",2013-01-23 01:55:01.150,Metasploit
CVE-2013-0229,0.0,0.97105,The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.,2013-01-31 21:55:01.490,EPSS
CVE-2013-0232,0.0,0.65676,"includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.",2013-03-20 15:55:00.910,Metasploit
CVE-2013-0233,0.0,0.13896,"Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.",2013-04-25 23:55:01.460,Metasploit
CVE-2013-0235,0.0,0.14163,"The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.",2013-07-08 20:55:00.883,Metasploit
CVE-2013-0333,0.0,0.97385,"lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.",2013-01-30 12:00:08.930,EPSS
CVE-2013-0422,0.0,0.97245,"Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114.  CVE-2013-0422 covers both the JMX/MBean and Reflection API issues.  NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks.  NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11.  If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.",2013-01-10 21:55:00.777,EPSS/CISA/Metasploit
CVE-2013-0431,0.0,0.96771,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka ""Issue 52,"" a different vulnerability than CVE-2013-1490.",2013-01-31 14:55:01.327,EPSS/CISA/Metasploit
CVE-2013-0625,0.0,0.86185,"Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.",2013-01-09 01:55:00.803,CISA
CVE-2013-0629,0.0,0.93731,"Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.",2013-01-09 01:55:03.553,CISA
CVE-2013-0631,0.0,0.96634,"Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.",2013-01-09 01:55:03.617,EPSS/CISA
CVE-2013-0632,0.0,0.97403,"administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.",2013-01-17 00:55:01.200,EPSS/CISA/Metasploit
CVE-2013-0634,0.0,0.96207,"Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.",2013-02-08 11:58:21.593,EPSS/Metasploit
CVE-2013-0640,0.0,0.94888,"Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.",2013-02-14 01:55:02.023,CISA
CVE-2013-0641,0.0,0.94887,"Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.",2013-02-14 01:55:02.070,CISA
CVE-2013-0653,0.0,0.01451,"Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.",2013-01-27 18:55:03.460,Metasploit
CVE-2013-0680,0.0,0.01055,"Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header.",2013-04-05 21:55:00.827,Metasploit
CVE-2013-0726,0.0,0.80855,Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.,2013-05-05 11:07:00.433,Metasploit
CVE-2013-0733,0.0,0.96944,"Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file.",2014-06-05 20:55:04.267,EPSS
CVE-2013-0753,0.0,0.97122,"Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.",2013-01-13 20:55:01.853,EPSS/Metasploit
CVE-2013-0757,0.0,0.09475,"The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.",2013-01-13 20:55:02.010,Metasploit
CVE-2013-0758,0.0,0.1201,"Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.",2013-01-13 20:55:02.040,Metasploit
CVE-2013-0803,9.8,0.94148,"A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.",2020-02-11 17:15:11.500,Metasploit
CVE-2013-0810,0.0,0.96711,"Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka ""Windows Theme File Remote Code Execution Vulnerability.""",2013-09-11 14:03:48.000,EPSS/Metasploit
CVE-2013-0928,0.0,0.2284,"The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP ""run command"" operation.",2013-01-21 21:55:01.277,Metasploit
CVE-2013-1017,0.0,0.96916,Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.,2013-05-24 16:43:58.620,EPSS
CVE-2013-1080,0.0,0.86898,"The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.",2013-03-29 16:09:05.620,Metasploit
CVE-2013-1300,0.0,0.00076,"win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka ""Win32k Memory Allocation Vulnerability.""",2013-07-10 03:46:09.717,Metasploit
CVE-2013-1305,0.0,0.95208,"HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka ""HTTP.sys Denial of Service Vulnerability.""",2013-05-15 03:36:33.447,EPSS
CVE-2013-1311,0.0,0.96124,"Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka ""Internet Explorer Use After Free Vulnerability.""",2013-05-15 03:36:34.077,EPSS
CVE-2013-1331,0.0,0.96432,"Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka ""Office Buffer Overflow Vulnerability.""",2013-06-12 03:29:57.117,EPSS/CISA
CVE-2013-1347,0.0,0.97299,"Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.",2013-05-05 11:07:00.527,EPSS/CISA/Metasploit
CVE-2013-1349,0.0,0.7169,Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.,2013-12-09 16:36:43.427,Metasploit
CVE-2013-1359,9.8,0.97165,"An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.",2020-02-11 17:15:11.593,EPSS/Metasploit
CVE-2013-1362,0.0,0.93813,"Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via ""$()"" shell metacharacters, which are processed by bash.",2013-07-09 17:55:00.890,Metasploit
CVE-2013-1391,7.5,0.97169,"Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.",2019-10-30 21:15:11.507,EPSS/Metasploit
CVE-2013-1412,0.0,0.96097,"DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.",2014-06-02 15:55:09.433,EPSS/Metasploit
CVE-2013-1416,0.0,0.95626,"The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.",2013-04-19 11:44:26.017,EPSS
CVE-2013-1428,0.0,0.05468,Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.,2013-04-26 16:55:01.507,Metasploit
CVE-2013-1488,0.0,0.96991,"The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, ""improper toString calls,"" and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.",2013-03-08 18:55:01.583,EPSS/Metasploit
CVE-2013-1493,0.0,0.96646,"The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.",2013-03-05 22:06:35.043,EPSS/Metasploit
CVE-2013-1559,0.0,0.97098,Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.,2013-04-17 12:19:45.110,EPSS/Metasploit
CVE-2013-1662,0.0,0.00112,"vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.",2013-08-24 01:55:04.017,Metasploit
CVE-2013-1675,0.0,0.00411,"Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.",2013-05-16 11:45:30.877,CISA
CVE-2013-1690,0.0,0.0878,"Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.",2013-06-26 03:19:10.793,CISA/Metasploit
CVE-2013-1775,0.0,0.00044,sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.,2013-03-05 21:38:56.293,Metasploit
CVE-2013-1814,0.0,0.92062,"The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.",2013-03-14 00:55:01.090,Metasploit
CVE-2013-1892,0.0,0.657,"MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.",2013-10-01 20:55:03.513,Metasploit
CVE-2013-1896,0.0,0.95616,"mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.",2013-07-10 20:55:01.023,EPSS
CVE-2013-1899,0.0,0.97129,"Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a ""-"" (hyphen).",2013-04-04 17:55:00.877,EPSS/Metasploit
CVE-2013-1965,0.0,0.00813,"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.",2013-07-10 19:55:04.683,Nuclei
CVE-2013-1966,0.0,0.01858,Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.,2013-07-10 19:55:04.713,Metasploit
CVE-2013-2010,9.8,0.97101,WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability,2020-02-12 15:15:11.540,EPSS/Metasploit
CVE-2013-2028,0.0,0.1516,"The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.",2013-07-20 03:37:20.730,Metasploit
CVE-2013-2050,0.0,0.01381,SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.,2014-01-11 01:55:02.940,Metasploit
CVE-2013-2068,0.0,0.6243,"Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.",2013-09-28 19:55:02.977,Metasploit
CVE-2013-2094,0.0,0.00179,"The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.",2013-05-14 20:55:01.527,CISA
CVE-2013-2113,0.0,0.11095,The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.,2013-07-31 13:20:25.083,Metasploit
CVE-2013-2115,8.1,0.00299,Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.,2013-07-10 19:55:04.770,Metasploit
CVE-2013-2121,0.0,0.50859,Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.,2013-07-31 13:20:25.127,Metasploit
CVE-2013-2134,0.0,0.96646,"Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.",2013-07-16 18:55:01.380,EPSS
CVE-2013-2135,0.0,0.95739,"Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both ""${}"" and ""%{}"" sequences, which causes the OGNL code to be evaluated twice.",2013-07-16 18:55:01.403,EPSS
CVE-2013-2143,0.0,0.74849,"The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.",2014-04-17 14:55:05.730,Metasploit
CVE-2013-2171,0.0,0.00273,"The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.",2013-07-02 03:43:33.647,Metasploit
CVE-2013-2248,0.0,0.97189,Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.,2013-07-20 03:37:30.717,EPSS/Nuclei
CVE-2013-2251,0.0,0.97408,"Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.",2013-07-20 03:37:30.737,EPSS/CISA/Metasploit/Nuclei
CVE-2013-2287,0.0,0.00219,Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.,2014-04-04 14:55:11.307,Nuclei
CVE-2013-2333,0.0,0.95284,"Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.",2013-06-06 13:02:15.367,EPSS/Metasploit
CVE-2013-2343,0.0,0.78733,"Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.",2013-07-02 21:55:00.863,Metasploit
CVE-2013-2347,0.0,0.43047,"The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.",2014-01-04 04:51:17.257,Metasploit
CVE-2013-2367,0.0,0.94634,"Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.",2013-07-31 13:20:18.803,Metasploit
CVE-2013-2370,0.0,0.94634,"Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.",2013-07-29 13:59:14.223,Metasploit
CVE-2013-2423,0.0,0.96849,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot.  NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.",2013-04-17 18:55:07.087,EPSS/CISA/Metasploit
CVE-2013-2460,0.0,0.96846,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability.  NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to ""insufficient access checks"" in the tracing component.",2013-06-18 22:55:02.707,EPSS/Metasploit
CVE-2013-2465,0.0,0.85847,"Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.  NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to ""Incorrect image channel verification"" in 2D.",2013-06-18 22:55:02.807,CISA/Metasploit
CVE-2013-2492,0.0,0.76137,"Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.",2013-03-15 22:55:01.003,Metasploit
CVE-2013-2551,0.0,0.97212,"Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka ""Internet Explorer Use After Free Vulnerability,"" a different vulnerability than CVE-2013-1308 and CVE-2013-1309.",2013-03-11 10:55:01.070,EPSS/CISA/Metasploit
CVE-2013-2566,0.0,0.00536,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.",2013-03-15 21:55:01.047,Metasploit
CVE-2013-2578,0.0,0.01608,"cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.",2013-10-11 21:55:41.887,Metasploit
CVE-2013-2596,0.0,0.00897,"Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.",2013-04-13 02:59:46.627,CISA
CVE-2013-2597,0.0,0.00157,"Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.",2014-08-31 10:55:03.753,CISA
CVE-2013-2621,6.1,0.03431,Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.,2020-02-03 15:15:11.007,Nuclei
CVE-2013-2641,0.0,0.92073,Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.,2014-03-18 17:02:51.840,Metasploit
CVE-2013-2729,0.0,0.97099,"Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.",2013-05-16 11:45:31.263,EPSS/CISA
CVE-2013-2730,0.0,0.07103,"Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.",2013-05-16 11:45:31.287,Metasploit
CVE-2013-2751,0.0,0.52033,"Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the ""forgot password workflow.""",2013-12-12 18:55:10.807,Metasploit
CVE-2013-2827,0.0,0.57358,"An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.",2014-01-15 16:08:18.173,Metasploit
CVE-2013-3027,0.0,0.95044,"Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.",2013-08-09 19:55:06.367,EPSS
CVE-2013-3163,0.0,0.96143,"Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2013-3144 and CVE-2013-3151.",2013-07-10 03:46:10.527,EPSS/CISA/Metasploit
CVE-2013-3184,0.0,0.97042,"Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",2013-08-14 11:10:36.287,EPSS/Metasploit
CVE-2013-3205,0.0,0.97042,"Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability.""",2013-09-11 14:03:48.167,EPSS/Metasploit
CVE-2013-3214,9.8,0.85019,vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.,2020-01-28 21:15:11.733,Metasploit
CVE-2013-3215,9.8,0.17344,vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.,2020-01-29 18:15:12.077,Metasploit
CVE-2013-3238,0.0,0.97277,"phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the ""Replace table prefix"" feature.",2013-04-26 03:34:23.440,EPSS/Metasploit
CVE-2013-3248,0.0,0.00311,"Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.",2013-10-03 23:55:04.847,Metasploit
CVE-2013-3319,0.0,0.03101,The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128.,2013-08-16 17:55:05.050,Metasploit
CVE-2013-3336,0.0,0.97291,"Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.",2013-05-09 12:31:19.857,EPSS/Metasploit
CVE-2013-3346,0.0,0.97198,"Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.",2013-08-30 20:55:06.230,EPSS/CISA
CVE-2013-3482,0.0,0.91019,Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.,2014-01-19 17:16:28.803,Metasploit
CVE-2013-3502,0.0,0.1421,"monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie.",2013-05-08 12:09:33.877,Metasploit
CVE-2013-3520,0.0,0.92254,"VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.",2013-06-17 03:29:45.100,Metasploit
CVE-2013-3526,0.0,0.00519,"Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.",2013-05-10 21:55:02.460,Nuclei
CVE-2013-3563,0.0,0.45717,Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.,2013-07-04 14:33:41.597,Metasploit
CVE-2013-3568,8.8,0.97342,Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.,2020-02-06 22:15:10.577,EPSS/Metasploit
CVE-2013-3576,0.0,0.46478,ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.,2013-06-14 18:55:01.780,Metasploit
CVE-2013-3591,8.8,0.95891,vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability,2020-02-07 15:15:10.383,EPSS/Metasploit
CVE-2013-3617,0.0,0.29861,"The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.",2013-11-02 19:55:04.523,Metasploit
CVE-2013-3619,8.1,0.01225,Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon.,2020-01-02 18:15:11.323,Metasploit
CVE-2013-3621,0.0,0.00241,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3607. Reason: This candidate is a reservation duplicate of CVE-2013-3607. Notes: All CVE users should reference CVE-2013-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage,2020-01-02 18:15:11.477,Metasploit
CVE-2013-3623,0.0,0.97091,Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.,2013-12-10 16:11:18.697,EPSS
CVE-2013-3628,8.8,0.95957,Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability,2020-02-07 15:15:10.477,EPSS/Metasploit
CVE-2013-3629,8.8,0.91501,ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution,2020-02-07 15:15:10.587,Metasploit
CVE-2013-3630,0.0,0.02369,Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.,2013-11-01 02:55:04.247,Metasploit
CVE-2013-3631,0.0,0.45698,"NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the ""Advanced | Execute Command"" feature.  NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.",2013-11-02 19:55:04.540,Metasploit
CVE-2013-3632,0.0,0.85,The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.,2014-09-29 22:55:08.847,Metasploit
CVE-2013-3660,0.0,0.00061,"The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka ""Win32k Read AV Vulnerability.""",2013-05-24 20:55:01.903,CISA/Metasploit
CVE-2013-3763,0.0,0.97226,"Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.",2013-07-17 13:41:16.667,EPSS/Metasploit
CVE-2013-3827,0.0,0.17496,"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.",2013-10-16 15:55:33.820,Nuclei
CVE-2013-3843,0.0,0.3587,Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.,2014-06-13 14:55:12.913,Metasploit
CVE-2013-3870,0.0,0.95225,"Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka ""Message Certificate Vulnerability.""",2013-09-11 14:03:48.677,EPSS
CVE-2013-3881,0.0,0.00042,"win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka ""Win32k NULL Page Vulnerability.""",2013-10-09 14:53:24.793,Metasploit
CVE-2013-3893,0.0,0.96503,"Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.",2013-09-18 10:08:24.867,EPSS/Metasploit
CVE-2013-3896,0.0,0.26114,"Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka ""Silverlight Vulnerability.""",2013-10-09 14:53:25.230,CISA/Metasploit
CVE-2013-3897,0.0,0.9638,"Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka ""Internet Explorer Memory Corruption Vulnerability.""",2013-10-09 14:54:25.747,EPSS/CISA/Metasploit
CVE-2013-3900,0.0,0.74218,"The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka ""WinVerifyTrust Signature Validation Vulnerability.""",2013-12-11 00:55:03.693,CISA
CVE-2013-3906,0.0,0.97025,"GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.",2013-11-06 15:55:05.860,EPSS/CISA/Metasploit
CVE-2013-3918,0.0,0.96329,"The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka ""InformationCardSigninHelper Vulnerability.""",2013-11-12 14:35:11.713,EPSS/Metasploit
CVE-2013-3928,0.0,0.94957,Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.,2014-03-11 19:37:02.007,Metasploit
CVE-2013-3940,0.0,0.95487,"Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka ""Graphics Device Interface Integer Overflow Vulnerability.""",2013-11-13 00:55:03.730,EPSS
CVE-2013-3956,0.0,0.0032,"The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.",2013-07-31 13:20:28.763,Metasploit
CVE-2013-3975,0.0,0.00405,"Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.",2014-05-26 04:29:15.740,Metasploit
CVE-2013-3977,0.0,0.00567,The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.,2014-05-26 04:29:15.817,Metasploit
CVE-2013-3982,0.0,0.00405,The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.,2014-05-26 04:29:16.007,Metasploit
CVE-2013-3986,0.0,0.01052,IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.,2013-11-08 15:55:13.717,Metasploit
CVE-2013-3993,0.0,0.00618,"IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.",2014-07-07 11:01:28.383,CISA
CVE-2013-4011,0.0,0.00105,"Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.",2013-07-18 16:51:55.827,Metasploit
CVE-2013-4074,0.0,0.06088,"The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.",2013-06-09 21:55:01.397,Metasploit
CVE-2013-4117,0.0,0.01217,Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.,2013-07-16 14:08:50.963,Nuclei
CVE-2013-4124,0.0,0.96821,"Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.",2013-08-06 02:56:00.710,EPSS/Metasploit
CVE-2013-4164,0.0,0.0454,"Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.",2013-11-23 19:55:03.517,Metasploit
CVE-2013-4211,9.8,0.97193,"A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code",2020-02-14 20:15:09.650,EPSS/Metasploit
CVE-2013-4212,0.0,0.96005,"Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka ""OGNL Injection.""",2013-12-07 20:55:02.320,EPSS/Metasploit
CVE-2013-4341,0.0,0.00167,"Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.",2013-09-16 13:02:48.083,Metasploit
CVE-2013-4450,0.0,0.08049,The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.,2013-10-21 17:55:03.537,Metasploit
CVE-2013-4467,0.0,0.20716,"Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors.  NOTE: some of these details are obtained from third party information.",2014-03-11 19:37:03.053,Metasploit
CVE-2013-4468,0.0,0.32961,"VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.",2014-05-14 19:55:10.077,Metasploit
CVE-2013-4490,0.0,0.22184,"The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.",2014-05-13 15:55:03.937,Metasploit
CVE-2013-4547,0.0,0.95433,nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.,2013-11-23 18:55:04.687,EPSS
CVE-2013-4614,0.0,0.00498,"English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.",2013-06-21 21:55:01.033,Metasploit
CVE-2013-4615,0.0,0.73416,"The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html.  NOTE: the vendor has apparently responded by stating ""Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment.""",2013-06-21 21:55:01.057,Metasploit
CVE-2013-4625,0.0,0.01217,Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.,2013-08-09 21:55:07.157,Nuclei
CVE-2013-4660,0.0,0.93623,"The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.",2013-06-28 14:55:02.803,Metasploit
CVE-2013-4710,0.0,0.03582,"Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.",2014-03-03 04:50:46.237,Metasploit
CVE-2013-4776,0.0,0.96585,"NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.",2013-12-19 04:24:51.823,EPSS
CVE-2013-4782,0.0,0.07008,The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.,2013-07-08 22:55:01.107,Metasploit
CVE-2013-4786,0.0,0.23983,"The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.",2013-07-08 22:55:01.217,Metasploit
CVE-2013-4798,0.0,0.96046,"Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.",2013-07-29 13:59:14.263,EPSS/Metasploit
CVE-2013-4800,0.0,0.9697,"Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.",2013-07-29 13:59:14.300,EPSS/Metasploit
CVE-2013-4810,0.0,0.91458,"HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.",2013-09-16 13:01:46.207,CISA
CVE-2013-4811,0.0,0.9618,"UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.",2013-09-16 13:01:46.220,EPSS/Metasploit
CVE-2013-4812,0.0,0.9618,"UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.",2013-09-16 13:01:46.220,EPSS/Metasploit
CVE-2013-4822,0.0,0.94634,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.",2013-10-13 10:20:04.117,Metasploit
CVE-2013-4823,0.0,0.9128,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.",2013-10-13 10:20:04.130,Metasploit
CVE-2013-4824,0.0,0.94835,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.",2013-10-13 10:20:04.163,Metasploit
CVE-2013-4826,0.0,0.01297,"Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.",2013-10-13 10:20:04.193,Metasploit
CVE-2013-4835,0.0,0.97024,"The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.",2013-11-04 16:55:04.873,EPSS/Metasploit
CVE-2013-4837,0.0,0.94634,"Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.",2013-11-04 16:55:04.920,Metasploit
CVE-2013-4854,0.0,0.95342,"The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.",2013-07-29 13:59:37.537,EPSS
CVE-2013-4983,0.0,0.9171,The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.,2013-09-10 11:28:40.997,Metasploit
CVE-2013-4984,0.0,0.00075,The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.,2013-09-10 11:28:41.073,Metasploit
CVE-2013-4988,0.0,0.6703,Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file.  NOTE: some of these details are obtained from third party information.,2013-12-13 18:07:51.373,Metasploit
CVE-2013-5014,0.0,0.83177,"The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",2014-02-14 13:10:27.043,Metasploit
CVE-2013-5015,0.0,0.00572,"SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.",2014-02-14 13:10:30.433,Metasploit
CVE-2013-5019,0.0,0.92617,Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.,2013-07-31 13:20:28.917,Metasploit
CVE-2013-5036,0.0,0.91927,The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.,2014-05-27 14:55:10.477,Metasploit
CVE-2013-5045,0.0,0.00079,"Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka ""Internet Explorer Elevation of Privilege Vulnerability.""",2013-12-11 00:55:03.833,Metasploit
CVE-2013-5065,0.0,0.00057,"NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.",2013-11-28 00:55:04.677,CISA/Metasploit
CVE-2013-5093,0.0,0.96884,"The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.",2013-09-27 10:08:03.133,EPSS/Metasploit
CVE-2013-5211,0.0,0.96703,"The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.",2014-01-02 14:59:03.470,EPSS
CVE-2013-5223,0.0,0.00927,"Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.",2013-11-19 04:50:12.063,CISA
CVE-2013-5331,0.0,0.96271,"Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified ""type confusion,"" as exploited in the wild in December 2013.",2013-12-11 15:55:05.870,EPSS/Metasploit
CVE-2013-5397,0.0,0.95871,"Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398.",2013-12-18 16:04:33.507,EPSS
CVE-2013-5398,0.0,0.95871,"Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397.",2013-12-18 16:04:33.523,EPSS
CVE-2013-5447,0.0,0.9561,Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.,2013-12-10 06:14:55.180,EPSS/Metasploit
CVE-2013-5486,0.0,0.97186,"Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036.  NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.",2013-09-23 10:18:59.157,EPSS/Metasploit
CVE-2013-5528,0.0,0.00722,"Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.",2013-10-11 03:54:53.800,Nuclei
CVE-2013-5576,0.0,0.79864,"administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.",2013-10-09 14:54:26.780,Metasploit
CVE-2013-5696,0.0,0.68562,"inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.",2013-09-23 03:49:27.943,Metasploit
CVE-2013-5743,9.8,0.97399,"Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.",2019-12-11 19:15:12.483,EPSS/Metasploit
CVE-2013-5795,0.0,0.88378,"Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.",2014-01-15 16:11:04.693,Metasploit
CVE-2013-5877,0.0,0.88378,"Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.",2014-01-15 16:11:05.147,Metasploit
CVE-2013-5979,0.0,0.06371,Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.,2013-10-02 22:55:23.680,Nuclei
CVE-2013-6031,0.0,0.00594,"The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings.",2014-03-11 13:00:49.623,Metasploit
CVE-2013-6117,0.0,0.95804,"Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.",2014-07-11 19:55:02.673,EPSS/Metasploit
CVE-2013-6129,0.0,0.71342,"The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.",2013-10-19 10:36:09.633,Metasploit
CVE-2013-6194,0.0,0.76096,"Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.",2014-01-04 04:51:17.367,Metasploit
CVE-2013-6221,0.0,0.97125,"Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.",2014-06-18 16:55:06.517,EPSS/Metasploit
CVE-2013-6271,0.0,0.00508,Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.,2013-12-14 20:55:03.673,Metasploit
CVE-2013-6281,0.0,0.0028,"Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ""page"" parameter.",2013-10-25 14:55:02.763,Nuclei
CVE-2013-6282,0.0,0.02354,"The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.",2013-11-20 13:19:43.023,CISA/Metasploit
CVE-2013-6414,0.0,0.1734,actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.,2013-12-07 00:55:03.693,Metasploit
CVE-2013-6771,0.0,0.95517,"Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter.  NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the ""runshellscript echo.sh"" script.",2014-08-07 11:13:34.377,EPSS
CVE-2013-6829,0.0,0.01861,admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.,2013-11-20 14:12:50.773,Metasploit
CVE-2013-6935,0.0,0.88308,Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.,2013-12-04 18:56:56.710,Metasploit
CVE-2013-6955,0.0,0.97331,"webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.",2014-01-09 18:07:04.033,EPSS/Metasploit
CVE-2013-7091,0.0,0.97337,"Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a ..  (dot dot) in the skin parameter.  NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.",2013-12-13 18:07:54.780,EPSS/Metasploit/Nuclei
CVE-2013-7102,0.0,0.20099,"Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.",2013-12-23 23:55:04.513,Metasploit
CVE-2013-7240,0.0,0.26523,Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.,2014-01-03 18:54:09.240,Nuclei
CVE-2013-7260,0.0,0.96522,"Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.",2014-01-03 20:55:06.383,EPSS/Metasploit
CVE-2013-7285,9.8,0.48314,"Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.",2019-05-15 17:29:00.297,Nuclei
CVE-2013-7331,0.0,0.5372,"The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.",2014-02-26 14:55:08.520,CISA/Metasploit
CVE-2013-7390,9.8,0.09729,"Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot.",2020-01-27 18:15:10.743,Metasploit
CVE-2013-7409,0.0,0.22309,Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.,2014-10-30 15:55:05.717,Metasploit
CVE-2014-0001,0.0,0.95229,Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.,2014-01-31 23:55:04.503,EPSS
CVE-2014-0038,0.0,0.0006,"The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.",2014-02-06 22:55:03.327,Metasploit
CVE-2014-0050,0.0,0.16404,"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.",2014-04-01 06:27:51.373,Metasploit
CVE-2014-0094,0.0,0.97093,"The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to ""manipulate"" the ClassLoader via the class parameter, which is passed to the getClass method.",2014-03-11 13:00:37.107,EPSS/Metasploit
CVE-2014-0112,0.0,0.97397,"ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to ""manipulate"" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.",2014-04-29 10:37:03.670,EPSS/Metasploit
CVE-2014-0113,0.0,0.96867,"CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to ""manipulate"" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.",2014-04-29 10:37:03.700,EPSS
CVE-2014-0114,0.0,0.97314,"Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to ""manipulate"" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",2014-04-30 10:49:03.973,EPSS/Metasploit
CVE-2014-0117,0.0,0.96497,"The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.",2014-07-20 11:12:48.823,EPSS
CVE-2014-0130,0.0,0.00328,"Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.",2014-05-07 10:55:04.133,CISA
CVE-2014-0160,7.5,0.9746,"The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",2014-04-07 22:55:03.893,EPSS/CISA
CVE-2014-0195,0.0,0.96803,"The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.",2014-06-05 21:55:06.147,EPSS/Metasploit
CVE-2014-0196,0.0,0.01914,"The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the ""LECHO & !OPOST"" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.",2014-05-07 10:55:04.337,CISA
CVE-2014-0221,0.0,0.96541,"The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.",2014-06-05 21:55:06.207,EPSS
CVE-2014-0224,7.4,0.97395,"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the ""CCS Injection"" vulnerability.",2014-06-05 21:55:07.817,EPSS/Metasploit
CVE-2014-0226,0.0,0.9571,"Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",2014-07-20 11:12:48.933,EPSS
CVE-2014-0257,0.0,0.76647,"Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka ""Type Traversal Vulnerability.""",2014-02-12 04:50:39.987,Metasploit
CVE-2014-0263,0.0,0.95402,"The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka ""Microsoft Graphics Component Memory Corruption Vulnerability.""",2014-02-12 04:50:40.033,EPSS
CVE-2014-0266,0.0,0.96517,"The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka ""MSXML Information Disclosure Vulnerability.""",2014-02-12 04:50:40.063,EPSS
CVE-2014-0282,0.0,0.96828,"Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.",2014-06-11 04:56:16.350,EPSS
CVE-2014-0307,0.0,0.97341,"Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka ""Internet Explorer Memory Corruption Vulnerability.""",2014-03-12 05:15:19.567,EPSS/Metasploit
CVE-2014-0315,0.0,0.96747,"Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka ""Windows File Handling Vulnerability.""",2014-04-08 23:55:05.853,EPSS
CVE-2014-0322,0.0,0.97382,"Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.",2014-02-14 16:55:07.500,EPSS/CISA/Metasploit
CVE-2014-0476,0.0,0.0009,"The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable.  NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.",2014-10-25 22:55:04.070,Metasploit
CVE-2014-0496,0.0,0.0334,Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.,2014-01-15 16:13:04.100,CISA
CVE-2014-0497,0.0,0.97326,"Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.",2014-02-05 05:15:29.897,EPSS/Metasploit
CVE-2014-0514,0.0,0.74816,"The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.",2014-04-15 23:13:14.743,Metasploit
CVE-2014-0515,0.0,0.96972,"Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.",2014-04-29 10:37:03.733,EPSS/Metasploit
CVE-2014-0546,0.0,0.01263,"Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.",2014-08-12 21:55:06.460,CISA
CVE-2014-0556,0.0,0.97275,"Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.",2014-09-10 01:55:08.870,EPSS/Metasploit
CVE-2014-0569,0.0,0.97423,"Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.",2014-10-15 10:55:06.193,EPSS/Metasploit
CVE-2014-0644,0.0,0.47249,"EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.",2014-04-17 01:55:05.657,Metasploit
CVE-2014-0659,0.0,0.34073,"The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.",2014-01-12 18:34:55.957,Metasploit
CVE-2014-0750,0.0,0.38697,"Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.",2014-01-25 22:55:04.550,Metasploit
CVE-2014-0763,0.0,0.01231,Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions.,2014-04-12 04:37:31.440,Metasploit
CVE-2014-0780,0.0,0.96383,"Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.",2014-04-25 05:12:07.787,EPSS/CISA
CVE-2014-0781,0.0,0.11317,Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.,2014-03-14 10:55:05.817,Metasploit
CVE-2014-0782,0.0,0.43639,"Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.",2014-05-16 11:12:00.243,Metasploit
CVE-2014-0783,0.0,0.20839,Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.,2014-03-14 10:55:05.850,Metasploit
CVE-2014-0784,0.0,0.2535,Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.,2014-03-14 10:55:05.863,Metasploit
CVE-2014-0980,0.0,0.95867,Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.,2014-02-11 17:55:06.793,EPSS/Metasploit
CVE-2014-0983,0.0,0.00478,"Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.",2014-03-31 14:58:35.663,Metasploit
CVE-2014-100002,0.0,0.61408,Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.,2015-01-13 11:59:01.273,Metasploit
CVE-2014-100005,0.0,0.86063,"Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.",2015-01-13 11:59:04.477,CISA/Metasploit
CVE-2014-100015,0.0,0.55297,Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.,2015-01-13 15:59:03.913,Metasploit
CVE-2014-10037,0.0,0.14101,Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.,2015-01-13 15:59:47.367,Nuclei
CVE-2014-1203,9.8,0.02045,The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php.,2017-10-24 14:29:00.237,Nuclei
CVE-2014-1510,9.8,0.95615,"The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.",2014-03-19 10:55:06.613,EPSS/Metasploit
CVE-2014-1511,9.8,0.95382,"Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.",2014-03-19 10:55:06.647,EPSS/Metasploit
CVE-2014-1610,0.0,0.08324,"MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.",2014-01-30 23:55:02.413,Metasploit
CVE-2014-1635,0.0,0.95579,Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.,2014-11-12 16:55:06.513,EPSS/Metasploit
CVE-2014-1649,0.0,0.97488,The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.,2014-05-16 11:12:00.773,EPSS/Metasploit
CVE-2014-1683,0.0,0.95084,"The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.",2014-01-29 18:55:27.027,EPSS/Metasploit
CVE-2014-1691,0.0,0.94484,The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.,2014-04-01 15:55:06.363,Metasploit
CVE-2014-1761,0.0,0.63365,"Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.",2014-03-25 13:24:01.067,CISA/Metasploit
CVE-2014-1776,0.0,0.96565,"Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014.  NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that ""VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks.""",2014-04-27 10:55:03.340,EPSS/CISA
CVE-2014-1812,0.0,0.00374,"The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka ""Group Policy Preferences Password Elevation of Privilege Vulnerability.""",2014-05-14 11:13:06.630,CISA/Metasploit
CVE-2014-1815,0.0,0.9623,"Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2014-0310.",2014-05-14 11:13:06.773,EPSS
CVE-2014-1903,0.0,0.96524,"admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.",2014-02-18 11:55:16.977,EPSS/Metasploit
CVE-2014-2127,0.0,0.00562,"Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.",2014-04-10 04:34:50.960,Metasploit
CVE-2014-2206,0.0,0.77168,"Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.",2014-03-05 16:37:40.500,Metasploit
CVE-2014-2238,0.0,0.00512,SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.,2014-03-05 16:37:41.047,Metasploit
CVE-2014-2268,0.0,0.95825,"views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.",2014-11-16 01:59:00.130,EPSS/Metasploit
CVE-2014-2270,0.0,0.95863,softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.,2014-03-14 15:55:05.667,EPSS
CVE-2014-2299,0.0,0.95171,Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.,2014-03-11 13:01:10.280,EPSS/Metasploit
CVE-2014-2314,0.0,0.93975,Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.,2014-03-09 13:16:57.130,Metasploit
CVE-2014-2321,0.0,0.95564,"web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using ""set TelnetCfg"" commands to enable a TELNET service with specified credentials.",2014-03-11 13:01:19.140,EPSS/Nuclei
CVE-2014-2323,9.8,0.96033,"SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.",2014-03-14 15:55:05.743,EPSS/Nuclei
CVE-2014-2324,0.0,0.95615,"Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.",2014-03-14 15:55:05.760,EPSS
CVE-2014-2364,0.0,0.42535,"Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.",2014-07-19 05:09:27.563,Metasploit
CVE-2014-2383,0.0,0.00434,"dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.",2014-04-28 14:09:06.707,Nuclei
CVE-2014-2424,0.0,0.97352,Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.,2014-04-16 02:55:15.663,EPSS/Metasploit
CVE-2014-2477,0.0,0.00075,"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.",2014-07-17 05:10:14.107,Metasploit
CVE-2014-2533,0.0,0.00087,/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.,2014-03-18 05:18:19.143,Metasploit
CVE-2014-2623,0.0,0.52178,Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.,2014-07-18 00:55:04.737,Metasploit
CVE-2014-2624,0.0,0.97063,"Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.",2014-09-11 01:55:03.657,EPSS/Metasploit
CVE-2014-2630,0.0,0.00079,"Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.",2014-08-12 05:01:03.827,Metasploit
CVE-2014-2817,0.0,0.01193,"Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka ""Internet Explorer Elevation of Privilege Vulnerability.""",2014-08-12 21:55:07.007,CISA
CVE-2014-2849,0.0,0.27612,The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.,2014-04-11 15:55:27.660,Metasploit
CVE-2014-2850,0.0,0.63274,The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.,2014-04-11 15:55:27.693,Metasploit
CVE-2014-2908,0.0,0.0045,Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,2014-04-25 05:12:07.847,Nuclei
CVE-2014-2928,0.0,0.62365,"The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.",2014-05-12 14:55:06.587,Metasploit
CVE-2014-2962,0.0,0.95942,Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.,2014-06-19 10:50:04.583,EPSS/Nuclei
CVE-2014-2973,0.0,0.58087,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2008-5753.  Reason: This candidate is a duplicate of CVE-2008-5753.  Notes: All CVE users should reference CVE-2008-5753 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage,2014-12-15 18:59:02.017,Metasploit
CVE-2014-3120,0.0,0.53209,"The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.  NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.",2014-07-28 19:55:04.490,CISA/Metasploit/Nuclei
CVE-2014-3153,0.0,0.00129,"The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.",2014-06-07 14:55:27.240,CISA/Metasploit
CVE-2014-3206,0.0,0.23922,Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.,2018-02-23 17:29:00.410,Nuclei
CVE-2014-3470,0.0,0.96958,"The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.",2014-06-05 21:55:07.880,EPSS
CVE-2014-3566,3.4,0.97488,"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the ""POODLE"" issue.",2014-10-15 00:55:02.137,EPSS/Metasploit
CVE-2014-3609,0.0,0.95797,"HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted ""Range headers with unidentifiable byte-range values.""",2014-09-11 18:55:05.150,EPSS
CVE-2014-3704,0.0,0.9753,"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.",2014-10-16 00:55:06.653,EPSS/Metasploit/Nuclei
CVE-2014-3744,0.0,0.00672,Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.,2017-10-23 18:29:00.617,Nuclei
CVE-2014-3789,0.0,0.29801,GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.,2014-05-22 23:55:03.767,Metasploit
CVE-2014-3791,0.0,0.93965,Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.,2014-05-20 14:55:07.443,Metasploit
CVE-2014-3804,0.0,0.95305,"The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.",2014-06-13 14:55:15.667,EPSS/Metasploit
CVE-2014-3828,0.0,0.91418,"Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.",2014-10-23 01:55:16.033,Metasploit
CVE-2014-3829,0.0,0.58473,"displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.",2014-10-23 01:55:16.173,Metasploit
CVE-2014-3888,0.0,0.42943,"Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.",2014-07-10 11:06:28.880,Metasploit
CVE-2014-3913,0.0,0.89457,Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.,2014-06-04 14:55:05.137,Metasploit
CVE-2014-3914,0.0,0.96924,"Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.",2014-08-07 11:13:36.157,EPSS/Metasploit
CVE-2014-3915,0.0,0.96368,"The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.",2014-06-11 14:55:09.190,EPSS
CVE-2014-3936,0.0,0.96392,"Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.",2014-06-02 14:55:04.263,EPSS/Metasploit
CVE-2014-3996,0.0,0.94941,"SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.",2014-12-05 15:59:00.073,Metasploit
CVE-2014-4076,0.0,0.0005,"Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka ""TCP/IP Elevation of Privilege Vulnerability.""",2014-11-11 22:55:04.530,Metasploit
CVE-2014-4077,0.0,0.00739,"Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka ""Microsoft IME (Japanese) Elevation of Privilege Vulnerability,"" as exploited in the wild in 2014.",2014-11-11 22:55:04.637,CISA
CVE-2014-4113,0.0,0.02281,"win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka ""Win32k.sys Elevation of Privilege Vulnerability.""",2014-10-15 10:55:07.473,CISA/Metasploit
CVE-2014-4114,0.0,0.96854,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a ""Sandworm"" attack in June through October 2014, aka ""Windows OLE Remote Code Execution Vulnerability.""",2014-10-15 10:55:07.817,EPSS/CISA/Metasploit
CVE-2014-4123,0.0,0.01041,"Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka ""Internet Explorer Elevation of Privilege Vulnerability,"" as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.",2014-10-15 10:55:08.037,CISA
CVE-2014-4148,0.0,0.51056,"win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka ""TrueType Font Parsing Remote Code Execution Vulnerability.""",2014-10-15 10:55:08.693,CISA
CVE-2014-4210,0.0,0.9683,Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.,2014-07-17 05:10:15.733,EPSS/Nuclei
CVE-2014-4404,0.0,0.0064,Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.,2014-09-18 10:55:09.827,CISA/Metasploit
CVE-2014-4511,0.0,0.96489,"Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.",2014-07-22 14:55:09.770,EPSS/Metasploit
CVE-2014-4513,0.0,0.00145,"Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.",2014-07-01 14:55:05.017,Nuclei
CVE-2014-4535,6.1,0.00135,Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.,2019-12-27 20:15:11.253,Nuclei
CVE-2014-4536,6.1,0.00149,"Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.",2019-12-27 20:15:11.487,Nuclei
CVE-2014-4539,6.1,0.00135,Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.,2019-12-27 19:15:11.787,Nuclei
CVE-2014-4544,6.1,0.00118,Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.,2019-12-27 19:15:12.007,Nuclei
CVE-2014-4550,6.1,0.00135,Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.,2019-12-27 20:15:11.550,Nuclei
CVE-2014-4558,6.1,0.00135,Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.,2019-12-27 19:15:12.193,Nuclei
CVE-2014-4561,6.1,0.00098,The ultimate-weather plugin 1.0 for WordPress has XSS,2020-01-10 14:15:10.247,Nuclei
CVE-2014-4592,6.1,0.00135,Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.,2019-12-27 17:15:16.077,Nuclei
CVE-2014-4671,0.0,0.01529,"Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",2014-07-09 05:04:24.960,Metasploit
CVE-2014-4863,0.0,0.03073,"The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.",2014-09-05 17:55:06.953,Metasploit
CVE-2014-4872,0.0,0.95655,"BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.",2014-10-10 10:55:07.523,EPSS
CVE-2014-4877,0.0,0.07815,"Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.",2014-10-29 10:55:05.417,Metasploit
CVE-2014-4880,0.0,0.95309,"Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.",2014-12-08 11:59:07.127,EPSS/Metasploit
CVE-2014-4936,0.0,0.01202,The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.,2014-12-16 18:59:02.827,Metasploit
CVE-2014-4940,0.0,0.04191,Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.,2014-07-11 20:55:03.420,Nuclei
CVE-2014-4942,0.0,0.02766,"The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.",2014-07-11 20:55:03.500,Nuclei
CVE-2014-4977,0.0,0.959,"Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.",2014-07-16 14:19:04.370,EPSS/Metasploit
CVE-2014-5005,0.0,0.97218,Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.,2014-10-21 15:55:06.877,EPSS/Metasploit
CVE-2014-5073,0.0,0.91568,vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.,2014-08-29 16:55:11.013,Metasploit
CVE-2014-5111,0.0,0.02876,"Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.",2014-07-28 15:55:04.477,Nuclei
CVE-2014-5160,0.0,0.95652,"Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request.  NOTE: the vendor reportedly asserts that this behavior is ""by design.",2014-08-01 11:13:09.790,EPSS
CVE-2014-5208,0.0,0.08156,"BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.",2014-12-22 17:59:00.063,Metasploit
CVE-2014-5258,0.0,0.01386,Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.,2014-11-06 18:55:06.187,Nuclei
CVE-2014-5266,0.0,0.9286,"The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.",2014-08-18 11:15:27.497,Metasploit
CVE-2014-5301,0.0,0.97071,Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.,2017-08-28 15:29:00.343,EPSS/Metasploit
CVE-2014-5337,0.0,0.02667,"The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.",2014-08-29 13:55:05.410,Metasploit
CVE-2014-5368,0.0,0.09191,Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.,2014-08-22 14:55:09.377,Nuclei
CVE-2014-5377,0.0,0.23903,ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request.,2014-09-04 17:55:06.670,Metasploit
CVE-2014-5383,0.0,0.02886,SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.,2014-08-21 14:55:05.947,Metasploit
CVE-2014-5445,0.0,0.975,Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.,2014-12-04 17:59:00.067,EPSS/Metasploit
CVE-2014-5460,0.0,0.92309,"Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.",2014-09-11 15:55:05.223,Metasploit
CVE-2014-5468,8.8,0.49657,"A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.",2020-02-07 17:15:10.237,Metasploit
CVE-2014-5470,0.0,0.13312,Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.,2024-06-21 22:15:10.417,Metasploit
CVE-2014-5519,0.0,0.94852,The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp.  NOTE: some of these details are obtained from third party information.,2014-09-11 14:16:04.083,Metasploit
CVE-2014-6034,0.0,0.96288,"Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.",2014-12-04 17:59:02.863,EPSS/Metasploit
CVE-2014-6037,0.0,0.96656,"Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.",2014-10-26 19:55:04.907,EPSS/Metasploit
CVE-2014-6038,7.5,0.69621,Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.,2020-01-13 13:15:12.163,Metasploit
CVE-2014-6039,7.5,0.65588,ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.,2020-01-13 13:15:12.287,Metasploit
CVE-2014-6271,9.8,0.97568,"GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ""ShellShock.""  NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.",2014-09-24 18:48:04.477,EPSS/CISA/Nuclei
CVE-2014-6277,0.0,0.97256,"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.",2014-09-27 22:55:02.660,EPSS
CVE-2014-6278,0.0,0.97346,"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.",2014-09-30 10:55:04.723,EPSS
CVE-2014-6287,9.8,0.97341,The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.,2014-10-07 10:55:04.493,EPSS/CISA/Metasploit/Nuclei
CVE-2014-6308,0.0,0.0922,Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.,2014-10-20 14:55:06.827,Nuclei
CVE-2014-6321,0.0,0.96909,"Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka ""Microsoft Schannel Remote Code Execution Vulnerability.""",2014-11-11 22:55:04.997,EPSS
CVE-2014-6324,0.0,0.97209,"The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka ""Kerberos Checksum Vulnerability.""",2014-11-18 23:59:02.503,EPSS/CISA/Metasploit
CVE-2014-6332,0.0,0.97357,"OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka ""Windows OLE Automation Array Remote Code Execution Vulnerability.""",2014-11-11 22:55:05.200,EPSS/CISA/Metasploit
CVE-2014-6352,0.0,0.96697,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.",2014-10-22 14:55:06.247,EPSS/CISA
CVE-2014-6365,0.0,0.96578,"Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka ""Internet Explorer XSS Filter Bypass Vulnerability,"" a different vulnerability than CVE-2014-6328.",2014-12-11 00:59:15.347,EPSS
CVE-2014-6446,0.0,0.71162,"The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.",2014-09-26 21:55:07.097,Metasploit
CVE-2014-6593,0.0,0.69755,"Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",2015-01-21 15:28:29.337,Metasploit
CVE-2014-7146,0.0,0.35298,"The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.",2014-11-18 15:59:02.500,Metasploit
CVE-2014-7169,0.0,0.97251,"GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.",2014-09-25 01:55:04.367,EPSS/CISA
CVE-2014-7186,0.0,0.97467,"The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the ""redir_stack"" issue.",2014-09-28 19:55:06.223,EPSS
CVE-2014-7187,0.0,0.97281,"Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the ""word_lineno"" issue.",2014-09-28 19:55:06.270,EPSS
CVE-2014-7205,0.0,0.87994,Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.,2014-10-08 17:55:05.217,Metasploit
CVE-2014-7228,0.0,0.95499,"Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.",2014-11-03 22:55:08.413,EPSS/Metasploit
CVE-2014-7236,9.1,0.95077,Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.,2020-02-17 22:15:11.483,EPSS/Metasploit
CVE-2014-7285,0.0,0.4676,The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.,2014-12-17 16:59:00.067,Metasploit
CVE-2014-7816,0.0,0.04584,"Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.",2014-12-01 15:59:06.610,Metasploit
CVE-2014-7862,0.0,0.96104,The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.,2018-01-04 17:29:00.200,EPSS/Metasploit
CVE-2014-7863,7.5,0.97507,"The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet.",2020-02-08 17:15:10.980,EPSS
CVE-2014-7868,0.0,0.96358,"Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.",2014-12-04 17:59:06.720,EPSS
CVE-2014-7992,0.0,0.02543,"The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.",2014-11-18 01:59:07.217,Metasploit
CVE-2014-8270,0.0,0.02084,"BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.",2014-12-12 11:59:05.657,Metasploit
CVE-2014-8361,0.0,0.96797,"The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.",2015-05-01 15:59:01.287,EPSS/CISA
CVE-2014-8394,0.0,0.97498,Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.,2015-01-15 15:59:09.637,EPSS
CVE-2014-8395,0.0,0.97501,Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed.,2015-01-15 15:59:10.623,EPSS
CVE-2014-8396,0.0,0.97501,Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.,2015-01-15 15:59:11.637,EPSS
CVE-2014-8397,0.0,0.97501,Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.,2015-01-15 15:59:12.593,EPSS
CVE-2014-8398,0.0,0.97498,"Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed.",2015-01-15 15:59:13.437,EPSS
CVE-2014-8423,0.0,0.40911,Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.,2014-11-28 15:59:03.150,Metasploit
CVE-2014-8424,0.0,0.87928,"ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.",2014-11-28 15:59:04.433,Metasploit
CVE-2014-8439,0.0,0.82949,"Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.",2014-11-25 23:59:00.053,CISA
CVE-2014-8440,0.0,0.97382,"Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.",2014-11-11 23:55:02.690,EPSS/Metasploit
CVE-2014-8499,0.0,0.0149,Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.,2014-11-17 16:59:04.010,Metasploit
CVE-2014-8516,9.8,0.96908,"Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.",2020-01-03 21:15:11.690,EPSS/Metasploit
CVE-2014-8517,0.0,0.95886,"The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.",2014-11-17 16:59:05.213,EPSS/Metasploit
CVE-2014-8586,0.0,0.10872,SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.,2014-11-04 15:55:06.357,Metasploit
CVE-2014-8598,0.0,0.0065,"The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page.  NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.",2014-11-18 15:59:06.750,Metasploit
CVE-2014-8636,0.0,0.937,"The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.",2015-01-14 11:59:05.570,Metasploit
CVE-2014-8676,0.0,0.00195,Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.,2017-08-31 22:29:00.233,Nuclei
CVE-2014-8682,0.0,0.00624,"Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.",2014-11-21 15:59:09.773,Nuclei
CVE-2014-8684,0.0,0.00247,CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.,2017-09-19 19:29:00.203,Metasploit
CVE-2014-8686,0.0,0.00382,CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.,2017-09-19 19:29:00.263,Metasploit
CVE-2014-8687,0.0,0.35706,Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.,2017-06-08 16:29:00.247,Metasploit
CVE-2014-8741,9.8,0.96835,Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.,2020-01-27 18:15:11.117,EPSS/Metasploit
CVE-2014-8791,0.0,0.29099,"project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.",2014-12-02 01:59:05.887,Metasploit
CVE-2014-8799,0.0,0.17844,Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.,2014-11-28 15:59:07.417,Metasploit/Nuclei
CVE-2014-8998,0.0,0.95426,"lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.",2014-11-20 13:55:07.907,EPSS/Metasploit
CVE-2014-9016,0.0,0.03994,The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.,2014-11-24 15:59:17.920,Metasploit
CVE-2014-9094,0.0,0.25902,Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.,2014-11-26 15:59:10.277,Nuclei
CVE-2014-9119,0.0,0.11324,Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.,2014-12-31 22:59:04.583,Nuclei
CVE-2014-9163,0.0,0.07307,"Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.",2014-12-10 21:59:35.163,CISA
CVE-2014-9180,0.0,0.00214,Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.,2014-12-02 16:59:17.087,Nuclei
CVE-2014-9195,0.0,0.058,"Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.",2015-01-17 02:59:05.630,Metasploit
CVE-2014-9222,0.0,0.9702,"AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the ""Misfortune Cookie"" vulnerability.",2014-12-24 18:59:06.607,EPSS
CVE-2014-9295,0.0,0.96624,"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.",2014-12-20 02:59:02.693,EPSS
CVE-2014-9308,0.0,0.92253,"Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.",2015-01-15 15:59:17.450,Metasploit
CVE-2014-9312,0.0,0.84822,Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.,2017-08-28 15:29:00.640,Metasploit
CVE-2014-9375,0.0,0.95612,Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.,2015-02-16 15:59:00.057,EPSS
CVE-2014-9390,9.8,0.94445,"Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.",2020-02-12 02:15:10.963,Metasploit
CVE-2014-9444,0.0,0.00619,Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI.,2015-01-02 20:59:02.587,Nuclei
CVE-2014-9566,0.0,0.96255,"Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.",2015-03-10 14:59:02.757,EPSS/Metasploit
CVE-2014-9583,0.0,0.96522,"common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999.  NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.",2015-01-08 20:59:02.243,EPSS/Metasploit
CVE-2014-9606,6.1,0.00102,"Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.",2020-02-19 20:15:13.017,Nuclei
CVE-2014-9607,6.1,0.00102,Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.,2020-02-19 20:15:13.113,Nuclei
CVE-2014-9608,6.1,0.00102,"Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.",2020-02-19 20:15:13.173,Nuclei
CVE-2014-9609,5.3,0.00178,"Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.",2020-02-19 20:15:13.253,Nuclei
CVE-2014-9614,9.8,0.01433,"The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.",2020-02-19 20:15:13.517,Nuclei
CVE-2014-9615,6.1,0.00102,Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.,2020-02-19 20:15:13.597,Nuclei
CVE-2014-9617,6.1,0.00109,Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.,2020-02-19 21:15:11.107,Nuclei
CVE-2014-9618,0.0,0.03433,"The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.",2017-09-19 15:29:00.460,Nuclei
CVE-2014-9707,0.0,0.09885,"EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.",2015-03-31 14:59:06.250,Metasploit
CVE-2014-9727,0.0,0.96199,AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.,2015-05-29 15:59:02.280,EPSS/Metasploit
CVE-2014-9735,0.0,0.93501,"The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.",2015-06-30 14:59:03.393,Metasploit
CVE-2014-9862,0.0,0.95921,"Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.",2016-07-22 02:59:00.127,EPSS
CVE-2015-0002,0.0,0.00043,"The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or ""Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability.""",2015-01-13 22:59:01.253,Metasploit
CVE-2015-0016,0.0,0.26597,"Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka ""Directory Traversal Elevation of Privilege Vulnerability.""",2015-01-13 22:59:07.190,CISA/Metasploit
CVE-2015-0064,0.0,0.95604,"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""Office Remote Code Execution Vulnerability.""",2015-02-11 03:01:07.200,EPSS
CVE-2015-0065,0.0,0.95468,"Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""OneTableDocumentStream Remote Code Execution Vulnerability.""",2015-02-11 03:01:07.967,EPSS
CVE-2015-0071,0.0,0.46202,"Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ""Internet Explorer ASLR Bypass Vulnerability.""",2015-02-11 03:01:12.497,CISA
CVE-2015-0072,0.0,0.97181,"Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka ""Universal XSS (UXSS).""",2015-02-07 19:59:07.723,EPSS/Metasploit
CVE-2015-0096,0.0,0.97321,"Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka ""DLL Planting Remote Code Execution Vulnerability.""",2015-03-11 10:59:22.760,EPSS
CVE-2015-0235,0.0,0.97505,"Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka ""GHOST.""",2015-01-28 19:59:00.063,EPSS
CVE-2015-0240,0.0,0.97426,"The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.",2015-02-24 01:59:00.050,EPSS/Metasploit
CVE-2015-0273,0.0,0.95481,"Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.",2015-03-30 10:59:06.507,EPSS
CVE-2015-0310,0.0,0.91946,"Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.",2015-01-23 21:59:00.050,CISA
CVE-2015-0311,0.0,0.97275,"Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.",2015-01-23 21:59:04.897,EPSS/CISA/Metasploit
CVE-2015-0313,0.0,0.9729,"Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.",2015-02-02 19:59:00.053,EPSS/CISA/Metasploit
CVE-2015-0318,0.0,0.97514,"Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.",2015-02-06 00:59:03.950,EPSS/Metasploit
CVE-2015-0336,0.0,0.96796,"Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified ""type confusion,"" a different vulnerability than CVE-2015-0334.",2015-03-13 17:59:04.083,EPSS/Metasploit
CVE-2015-0359,0.0,0.97466,"Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346.",2015-04-14 22:59:12.680,EPSS/Metasploit
CVE-2015-0554,0.0,0.0139,"The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.",2015-01-21 18:59:50.917,Nuclei
CVE-2015-0666,0.0,0.97385,"Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.",2015-04-03 10:59:04.290,EPSS/CISA
CVE-2015-0779,0.0,0.94608,"Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.",2015-06-07 23:59:04.487,Metasploit
CVE-2015-0816,0.0,0.961,"Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.",2015-04-01 10:59:14.910,EPSS/Metasploit
CVE-2015-0921,0.0,0.02513,XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.,2015-01-09 18:59:10.600,Metasploit
CVE-2015-0922,0.0,0.00808,"McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.",2015-01-09 18:59:11.540,Metasploit
CVE-2015-0923,0.0,0.77439,"The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.",2015-02-14 03:01:17.927,Metasploit
CVE-2015-0936,9.8,0.26604,"Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.",2017-06-01 16:29:00.200,Metasploit
CVE-2015-1000005,0.0,0.05258,Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin,2016-10-06 14:59:05.817,Nuclei
CVE-2015-1000010,0.0,0.03181,Remote file download in simple-image-manipulator v1.0 wordpress plugin,2016-10-06 14:59:11.257,Nuclei
CVE-2015-1000012,0.0,0.00689,Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin,2016-10-06 14:59:13.537,Nuclei
CVE-2015-1126,0.0,0.92223,"WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.",2015-04-10 14:59:39.713,Metasploit
CVE-2015-1130,0.0,0.00047,The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.,2015-04-10 14:59:43.073,CISA/Metasploit
CVE-2015-1155,0.0,0.00874,"The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.",2015-05-08 00:59:03.953,Metasploit
CVE-2015-1171,0.0,0.70634,Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.,2015-08-28 21:59:01.870,Metasploit
CVE-2015-1172,0.0,0.94182,"Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.",2015-02-11 19:59:00.057,Metasploit
CVE-2015-1187,9.8,0.93831,The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.,2017-09-21 16:29:00.147,CISA/Metasploit
CVE-2015-1318,0.0,0.00063,The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).,2015-04-17 17:59:01.420,Metasploit
CVE-2015-1328,0.0,0.00062,"The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.",2016-11-28 03:59:00.217,Metasploit
CVE-2015-1376,0.0,0.88832,"pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.",2015-01-28 11:59:07.307,Metasploit
CVE-2015-1427,0.0,0.85572,The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.,2015-02-17 15:59:04.560,CISA/Metasploit/Nuclei
CVE-2015-1486,0.0,0.61621,The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.,2015-08-01 01:59:03.537,Metasploit
CVE-2015-1487,0.0,0.72547,"The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.",2015-08-01 01:59:04.600,Metasploit
CVE-2015-1489,0.0,0.40569,The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.,2015-08-01 01:59:06.427,Metasploit
CVE-2015-1497,0.0,0.93905,"radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.",2015-02-16 15:59:10.463,Metasploit
CVE-2015-1503,0.0,0.90421,Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.,2018-05-08 20:29:00.250,Nuclei
CVE-2015-1538,0.0,0.954,"Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.",2015-10-01 00:59:06.687,EPSS
CVE-2015-1545,0.0,0.96144,The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.,2015-02-12 16:59:06.143,EPSS
CVE-2015-1579,0.0,0.67487,Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.  NOTE: this vulnerability may be a duplicate of CVE-2014-9734.,2015-02-11 19:59:06.417,Nuclei
CVE-2015-1587,0.0,0.87801,"Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.",2015-02-19 15:59:15.547,Metasploit
CVE-2015-1592,0.0,0.85547,"Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.",2015-02-19 15:59:16.580,Metasploit
CVE-2015-1605,0.0,0.95999,Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx.,2015-02-24 15:59:07.613,EPSS
CVE-2015-1635,0.0,0.9754,"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka ""HTTP.sys Remote Code Execution Vulnerability.""",2015-04-14 20:59:01.263,EPSS/CISA/Nuclei
CVE-2015-1637,0.0,0.96341,"Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the ""FREAK"" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.",2015-03-06 17:59:00.070,EPSS
CVE-2015-1641,0.0,0.95977,"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-04-14 20:59:05.250,EPSS/CISA
CVE-2015-1642,0.0,0.94142,"Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-08-15 00:59:00.110,CISA
CVE-2015-1671,0.0,0.40207,"The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka ""TrueType Font Parsing Vulnerability.""",2015-05-13 10:59:03.910,CISA
CVE-2015-1701,0.0,0.00533,"Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka ""Win32k Elevation of Privilege Vulnerability.""",2015-04-21 10:59:00.073,CISA/Metasploit
CVE-2015-1769,0.0,0.0014,"Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka ""Mount Manager Elevation of Privilege Vulnerability.""",2015-08-15 00:59:01.467,CISA
CVE-2015-1770,0.0,0.47243,"Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Uninitialized Memory Use Vulnerability.""",2015-06-10 01:59:36.483,CISA
CVE-2015-1793,0.0,0.1051,"The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.",2015-07-09 19:17:00.093,Metasploit
CVE-2015-1830,0.0,0.04594,Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.,2015-08-19 15:59:00.133,Metasploit
CVE-2015-1880,0.0,0.00201,Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,2015-05-12 19:59:08.053,Nuclei
CVE-2015-1941,0.0,0.95956,The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.,2015-06-30 15:59:07.357,EPSS
CVE-2015-20067,7.5,0.05398,"The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress",2021-11-01 09:15:08.093,Nuclei
CVE-2015-2049,0.0,0.52655,Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.,2015-02-23 17:59:06.557,Metasploit
CVE-2015-2051,0.0,0.97188,The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.,2015-02-23 17:59:08.320,EPSS/CISA
CVE-2015-2065,0.0,0.01198,SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.,2015-02-24 17:59:01.253,Metasploit
CVE-2015-2067,0.0,0.00709,Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.,2015-02-24 17:59:03.817,Nuclei
CVE-2015-2068,0.0,0.00146,Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.,2015-02-24 17:59:04.817,Nuclei
CVE-2015-2080,0.0,0.95345,"The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",2016-10-07 14:59:00.193,EPSS/Nuclei
CVE-2015-2166,0.0,0.29639,"Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.",2015-04-06 15:59:02.213,Nuclei
CVE-2015-2196,0.0,0.00288,SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.,2015-03-03 19:59:02.467,Nuclei
CVE-2015-2208,0.0,0.96889,The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.,2015-03-12 14:59:04.883,EPSS/Metasploit
CVE-2015-2219,0.0,0.00088,"Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.",2015-05-12 19:59:10.587,Metasploit
CVE-2015-2284,0.0,0.97377,"userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.",2015-03-24 17:59:11.070,EPSS/Metasploit
CVE-2015-2291,0.0,0.00105,"(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.",2017-08-09 18:29:00.933,CISA
CVE-2015-2331,0.0,0.95332,"Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.",2015-03-30 10:59:12.727,EPSS
CVE-2015-2342,0.0,0.97088,"The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.",2015-10-12 10:59:01.633,EPSS
CVE-2015-2360,0.0,0.00084,"win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",2015-06-10 01:59:38.890,CISA
CVE-2015-2387,0.0,0.00043,"ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka ""ATMFD.DLL Memory Corruption Vulnerability.""",2015-07-14 22:59:08.103,CISA
CVE-2015-2419,0.0,0.97336,"JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""JScript9 Memory Corruption Vulnerability.""",2015-07-14 21:59:33.283,EPSS/CISA
CVE-2015-2424,0.0,0.67103,"Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-07-14 21:59:35.987,CISA
CVE-2015-2425,0.0,0.9663,"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability,"" a different vulnerability than CVE-2015-2383 and CVE-2015-2384.",2015-07-14 21:59:36.813,EPSS/CISA
CVE-2015-2426,0.0,0.97379,"Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka ""OpenType Font Driver Vulnerability.""",2015-07-20 18:59:01.210,EPSS/CISA/Metasploit
CVE-2015-2433,0.0,0.00061,"The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka ""Kernel ASLR Bypass Vulnerability.""",2015-08-15 00:59:09.703,Metasploit
CVE-2015-2502,0.0,0.59435,"Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Memory Corruption Vulnerability,"" as exploited in the wild in August 2015.",2015-08-19 10:59:00.090,CISA
CVE-2015-2509,0.0,0.97297,"Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka ""Windows Media Center RCE Vulnerability.""",2015-09-09 00:59:22.490,EPSS/Metasploit
CVE-2015-2520,0.0,0.95691,"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-09-09 00:59:32.363,EPSS
CVE-2015-2521,0.0,0.96056,"Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-09-09 00:59:33.300,EPSS
CVE-2015-2523,0.0,0.95691,"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2015-09-09 00:59:35.270,EPSS
CVE-2015-2545,0.0,0.9701,"Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka ""Microsoft Office Malformed EPS File Vulnerability.""",2015-09-09 00:59:52.190,EPSS/CISA
CVE-2015-2546,0.0,0.00367,"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka ""Win32k Memory Corruption Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.",2015-09-09 00:59:53.207,CISA
CVE-2015-2562,0.0,0.03518,"Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.",2015-03-20 14:59:04.327,Metasploit
CVE-2015-2590,0.0,0.0238,"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.",2015-07-16 10:59:17.050,CISA
CVE-2015-2673,0.0,0.00777,The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.,2017-10-06 22:29:00.633,Metasploit
CVE-2015-2755,0.0,0.01828,"Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.",2015-04-01 14:59:07.803,Nuclei
CVE-2015-2794,0.0,0.9742,The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.,2017-02-06 15:59:00.137,EPSS/Nuclei
CVE-2015-2797,0.0,0.81418,"Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.",2015-06-19 14:59:00.067,Metasploit
CVE-2015-2807,0.0,0.00294,Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.,2015-09-01 14:59:02.073,Nuclei
CVE-2015-2843,0.0,0.01806,Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.,2015-05-12 19:59:19.057,Metasploit
CVE-2015-2845,0.0,0.0792,The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.,2015-05-12 19:59:20.917,Metasploit
CVE-2015-2856,0.0,0.97065,Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.,2017-10-10 13:29:00.247,EPSS/Metasploit
CVE-2015-2857,9.8,0.95714,Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.,2017-08-22 15:29:00.210,EPSS/Metasploit
CVE-2015-2863,0.0,0.00626,"Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",2015-07-20 23:59:01.940,Nuclei
CVE-2015-2993,0.0,0.81666,"SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.",2015-06-08 14:59:01.320,Metasploit
CVE-2015-2994,0.0,0.87527,"Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.",2015-06-08 14:59:02.587,Metasploit
CVE-2015-2995,0.0,0.91193,"The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.",2015-06-08 14:59:03.603,Metasploit
CVE-2015-2996,0.0,0.44945,Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.,2015-06-08 14:59:04.633,Nuclei
CVE-2015-2997,0.0,0.00658,"SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.",2015-06-08 14:59:05.650,Metasploit
CVE-2015-2998,0.0,0.00552,"SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.",2015-06-08 14:59:06.650,Metasploit
CVE-2015-3035,0.0,0.58993,"Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.",2015-04-22 01:59:02.553,CISA/Metasploit/Nuclei
CVE-2015-3043,0.0,0.02529,"Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.",2015-04-14 22:59:21.323,CISA/Metasploit
CVE-2015-3090,0.0,0.97378,"Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.",2015-05-13 11:00:21.097,EPSS/Metasploit
CVE-2015-3105,0.0,0.97377,"Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",2015-06-10 01:59:47.097,EPSS/Metasploit
CVE-2015-3113,0.0,0.96082,"Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.",2015-06-23 21:59:01.960,EPSS/CISA/Metasploit
CVE-2015-3224,0.0,0.92904,"request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.",2015-07-26 22:59:03.023,Metasploit/Nuclei
CVE-2015-3245,0.0,0.00042,"Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.",2015-08-11 14:59:05.570,Metasploit
CVE-2015-3246,0.0,0.00042,"libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.",2015-08-11 14:59:07.040,Metasploit
CVE-2015-3306,0.0,0.97091,The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.,2015-05-18 15:59:10.743,EPSS/Metasploit/Nuclei
CVE-2015-3315,0.0,0.00078,"Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.",2017-06-26 15:29:00.427,Metasploit
CVE-2015-3337,0.0,0.96187,"Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.",2015-05-01 15:59:06.850,EPSS/Nuclei
CVE-2015-3628,0.0,0.60062,"The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the ""Resource Administrator"" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.",2015-12-07 20:59:04.587,Metasploit
CVE-2015-3648,0.0,0.01342,Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.,2015-06-09 14:59:04.223,Nuclei
CVE-2015-3673,0.0,0.00047,"Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.",2015-07-03 01:59:30.417,Metasploit
CVE-2015-3760,0.0,0.00053,"dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.",2015-08-16 23:59:33.377,Metasploit
CVE-2015-3864,0.0,0.97022,"Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.",2015-10-01 00:59:31.560,EPSS/Metasploit
CVE-2015-3897,0.0,0.47853,Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.,2015-06-18 18:59:01.303,Nuclei
CVE-2015-4000,0.0,0.97405,"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the ""Logjam"" issue.",2015-05-21 00:59:00.087,EPSS/Metasploit
CVE-2015-4031,0.0,0.95552,Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.,2015-05-29 15:59:17.123,EPSS
CVE-2015-4050,0.0,0.00598,"FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.",2015-06-02 14:59:12.253,Nuclei
CVE-2015-4062,0.0,0.0272,SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.,2015-05-27 18:59:03.023,Nuclei
CVE-2015-4063,0.0,0.04016,Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.,2015-05-27 18:59:04.163,Nuclei
CVE-2015-4068,0.0,0.97319,Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.,2015-05-29 15:59:23.327,EPSS/CISA
CVE-2015-4074,0.0,0.00598,Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.,2017-09-20 16:29:00.643,Nuclei
CVE-2015-4127,0.0,0.0034,"Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.",2015-05-28 14:59:08.440,Nuclei
CVE-2015-4133,0.0,0.83331,"Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.",2015-05-28 14:59:10.690,Metasploit
CVE-2015-4414,0.0,0.12486,Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.,2015-06-17 18:59:08.407,Nuclei
CVE-2015-4455,0.0,0.55856,"Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.",2017-05-23 04:29:00.447,Nuclei
CVE-2015-4495,0.0,0.96793,"The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.",2015-08-08 00:59:04.597,EPSS/CISA/Metasploit
CVE-2015-4632,0.0,0.01619,"Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.",2018-10-18 21:29:01.333,Nuclei
CVE-2015-4666,0.0,0.01686,Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.,2015-08-13 14:59:05.173,Nuclei
CVE-2015-4668,0.0,0.00397,Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.,2017-09-25 17:29:00.320,Nuclei
CVE-2015-4694,0.0,0.02304,Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.,2016-01-08 20:59:01.263,Nuclei
CVE-2015-4852,9.8,0.96725,"The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.",2015-11-18 15:59:00.133,EPSS/CISA/Metasploit
CVE-2015-4902,0.0,0.00861,"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.",2015-10-22 00:00:03.093,CISA
CVE-2015-5082,0.0,0.96346,Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.,2015-09-28 15:59:00.097,EPSS/Metasploit
CVE-2015-5119,0.0,0.97409,"Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.",2015-07-08 14:59:05.677,EPSS/CISA/Metasploit
CVE-2015-5122,0.0,0.97314,"Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.",2015-07-14 10:59:00.213,EPSS/CISA/Metasploit
CVE-2015-5123,0.0,0.2242,"Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.",2015-07-14 10:59:01.337,CISA
CVE-2015-5287,0.0,0.0009,"The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.",2015-12-07 18:59:02.230,Metasploit
CVE-2015-5317,0.0,0.04876,The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.,2015-11-25 20:59:07.680,CISA
CVE-2015-5354,0.0,0.00166,Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.,2015-07-01 16:59:01.130,Nuclei
CVE-2015-5371,0.0,0.9734,The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.,2015-07-06 14:59:06.157,EPSS/Metasploit
CVE-2015-5453,0.0,0.0185,Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.,2015-07-08 15:59:05.647,Metasploit
CVE-2015-5461,0.0,0.0055,Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.,2015-07-08 16:59:04.147,Nuclei
CVE-2015-5469,0.0,0.02243,Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.,2017-05-23 04:29:00.837,Nuclei
CVE-2015-5471,0.0,0.14014,Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.,2016-01-12 19:59:03.893,Nuclei
CVE-2015-5477,0.0,0.97267,named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.,2015-07-29 14:59:05.397,EPSS/Metasploit
CVE-2015-5531,0.0,0.97144,Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.,2015-08-17 15:59:02.437,EPSS/Metasploit/Nuclei
CVE-2015-5603,0.0,0.55502,"The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to ""Velocity Template Injection Vulnerability.""",2015-09-21 19:59:00.137,Metasploit
CVE-2015-5688,0.0,0.00953,Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.,2015-09-04 15:59:02.680,Nuclei
CVE-2015-5722,0.0,0.96603,buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.,2015-09-05 02:59:03.307,EPSS
CVE-2015-5889,0.0,0.00046,rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.,2015-10-09 05:59:23.267,Metasploit
CVE-2015-5958,8.8,0.01508,phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.,2017-08-31 22:29:00.390,Metasploit
CVE-2015-5986,0.0,0.95812,openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.,2015-09-05 02:59:04.367,EPSS
CVE-2015-6000,8.8,0.01771,"Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.",2020-02-06 14:15:10.597,Metasploit
CVE-2015-6053,0.0,0.96706,"Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka ""Internet Explorer Information Disclosure Vulnerability.""",2015-10-14 01:59:24.733,EPSS
CVE-2015-6127,0.0,0.84737,"Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka ""Windows Media Center Information Disclosure Vulnerability.""",2015-12-09 11:59:12.803,Metasploit
CVE-2015-6128,0.0,0.75868,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Library Loading Remote Code Execution Vulnerability.""",2015-12-09 11:59:13.833,Metasploit
CVE-2015-6132,0.0,0.96253,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Library Loading Remote Code Execution Vulnerability.""",2015-12-09 11:59:16.897,EPSS/Metasploit
CVE-2015-6133,0.0,0.78695,"Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Windows Library Loading Remote Code Execution Vulnerability.""",2015-12-09 11:59:17.867,Metasploit
CVE-2015-6136,0.0,0.95514,"The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability.""",2015-12-09 11:59:20.683,EPSS
CVE-2015-6175,0.0,0.00043,"The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka ""Windows Kernel Memory Elevation of Privilege Vulnerability.""",2015-12-09 11:59:56.580,CISA
CVE-2015-6477,0.0,0.00277,Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,2015-10-18 19:59:01.400,Nuclei
CVE-2015-6522,0.0,0.97057,SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.,2015-08-19 15:59:11.947,EPSS/Metasploit
CVE-2015-6544,0.0,0.00284,Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.,2018-02-20 20:29:00.193,Nuclei
CVE-2015-6920,0.0,0.0016,Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.,2015-09-11 20:59:02.430,Nuclei
CVE-2015-6946,0.0,0.95411,Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality.,2015-09-15 18:59:05.713,EPSS
CVE-2015-6967,0.0,0.22778,"Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.",2015-09-16 14:59:09.120,Metasploit
CVE-2015-7007,0.0,0.9732,Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.,2015-10-23 21:59:42.000,EPSS/Metasploit
CVE-2015-7243,0.0,0.8187,Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.,2015-09-18 16:59:02.027,Metasploit
CVE-2015-7245,0.0,0.96378,"Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.",2017-04-24 18:59:00.163,EPSS/Nuclei
CVE-2015-7297,0.0,0.97553,"SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.",2015-10-29 20:59:08.307,EPSS/Nuclei
CVE-2015-7309,0.0,0.44879,"The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.",2015-09-22 15:59:02.480,Metasploit
CVE-2015-7377,0.0,0.00232,Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI.,2015-10-16 20:59:14.653,Nuclei
CVE-2015-7387,0.0,0.9025,"ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by ""SELECT 1;INSERT INTO."" Fixed in Build 11200.",2015-09-28 15:59:04.427,Metasploit
CVE-2015-7450,0.0,0.97009,"Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.",2016-01-02 21:59:15.800,EPSS/CISA/Metasploit/Nuclei
CVE-2015-7547,0.0,0.9741,"Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing ""dual A/AAAA DNS queries"" and the libnss_dns.so.2 NSS module.",2016-02-18 21:59:00.120,EPSS
CVE-2015-7601,0.0,0.61283,Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.,2015-09-29 19:59:09.547,Metasploit
CVE-2015-7602,0.0,0.45755,Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.,2015-09-29 19:59:10.810,Metasploit
CVE-2015-7603,0.0,0.53161,Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.,2015-09-29 19:59:11.733,Metasploit
CVE-2015-7611,0.0,0.77433,"Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.",2016-06-07 14:06:09.777,Metasploit
CVE-2015-7645,0.0,0.97399,"Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.",2015-10-15 10:59:10.530,EPSS/CISA
CVE-2015-7709,0.0,0.8339,The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.,2015-10-05 15:59:06.207,Metasploit
CVE-2015-7755,0.0,0.97054,"Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.",2015-12-19 14:59:01.453,EPSS/Metasploit
CVE-2015-7765,0.0,0.78915,"ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of ""plugin"" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.",2015-10-09 14:59:06.670,Metasploit
CVE-2015-7766,0.0,0.39385,"PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by ""INSERT/**/INTO.""",2015-10-09 14:59:08.390,Metasploit
CVE-2015-7768,0.0,0.79151,Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.,2015-10-09 14:59:10.390,Metasploit
CVE-2015-7780,0.0,0.00151,Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.,2017-06-27 20:29:00.637,Nuclei
CVE-2015-7808,0.0,0.76046,The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.,2015-11-24 20:59:07.983,Metasploit
CVE-2015-7823,0.0,0.00233,Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.,2015-10-21 15:59:02.977,Nuclei
CVE-2015-7855,6.5,0.97069,"The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.",2017-08-07 20:29:00.950,EPSS
CVE-2015-7858,0.0,0.81423,"SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.",2015-10-29 20:59:12.243,Metasploit
CVE-2015-7871,9.8,0.97024,"Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.",2017-08-07 20:29:00.997,EPSS/Metasploit
CVE-2015-8000,0.0,0.95537,db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.,2015-12-16 15:59:01.427,EPSS
CVE-2015-8249,0.0,0.96552,The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.,2017-09-28 01:29:00.777,EPSS/Metasploit
CVE-2015-8279,0.0,0.58102,Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script.,2016-01-15 03:59:10.763,Metasploit
CVE-2015-8349,0.0,0.0013,Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.,2017-09-11 20:29:00.377,Nuclei
CVE-2015-8399,0.0,0.9655,Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.,2016-04-11 21:59:11.320,EPSS/Nuclei
CVE-2015-8562,0.0,0.97311,"Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.",2015-12-16 21:59:06.390,EPSS/Metasploit
CVE-2015-8612,0.0,0.00514,The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.,2016-01-08 19:59:16.350,Metasploit
CVE-2015-8651,0.0,0.17948,"Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.",2015-12-28 23:59:19.050,CISA
CVE-2015-8660,6.7,0.00115,"The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.",2015-12-28 11:59:08.093,Metasploit
CVE-2015-8704,0.0,0.95805,"apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.",2016-01-20 15:59:00.330,EPSS
CVE-2015-8813,0.0,0.00511,The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.,2017-03-03 16:59:00.153,Nuclei
CVE-2015-9312,0.0,0.00088,The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.,2019-08-14 15:15:11.347,Nuclei
CVE-2015-9323,9.8,0.0071,The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.,2019-08-16 21:15:10.487,Nuclei
CVE-2015-9414,6.1,0.00111,The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.,2019-09-26 00:15:10.570,Nuclei
CVE-2015-9480,7.5,0.31598,The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.,2019-10-10 17:15:16.233,Nuclei
CVE-2016-0015,0.0,0.96023,"DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka ""DirectShow Heap Corruption Remote Code Execution Vulnerability.""",2016-01-13 05:59:12.997,EPSS
CVE-2016-0034,0.0,0.78826,"Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka ""Silverlight Runtime Remote Code Execution Vulnerability.""",2016-01-13 05:59:22.657,CISA
CVE-2016-0040,0.0,0.00044,"The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka ""Windows Elevation of Privilege Vulnerability.""",2016-02-10 11:59:06.440,CISA/Metasploit
CVE-2016-0041,0.0,0.91047,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ""DLL Loading Remote Code Execution Vulnerability.""",2016-02-10 11:59:07.423,Metasploit
CVE-2016-0051,0.0,0.00053,"The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""WebDAV Elevation of Privilege Vulnerability.""",2016-02-10 11:59:15.567,Metasploit
CVE-2016-0099,0.0,0.00044,"The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka ""Secondary Logon Elevation of Privilege Vulnerability.""",2016-03-09 11:59:09.590,CISA/Metasploit
CVE-2016-0100,0.0,0.0588,"Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Library Loading Input Validation Remote Code Execution Vulnerability.""",2016-03-09 11:59:10.527,Metasploit
CVE-2016-0151,0.0,0.95646,"The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka ""Windows CSRSS Security Feature Bypass Vulnerability.""",2016-04-12 23:59:15.890,EPSS/CISA
CVE-2016-0162,0.0,0.05124,"Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka ""Internet Explorer Information Disclosure Vulnerability.""",2016-04-12 23:59:26.410,CISA
CVE-2016-0165,0.0,0.00519,"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0143 and CVE-2016-0167.",2016-04-12 23:59:28.303,CISA
CVE-2016-0167,0.0,0.00093,"The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-0143 and CVE-2016-0165.",2016-04-12 23:59:30.430,CISA
CVE-2016-0185,0.0,0.97118,"Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka ""Windows Media Center Remote Code Execution Vulnerability.""",2016-05-11 01:59:26.097,EPSS/CISA
CVE-2016-0189,0.0,0.97304,"The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-0187.",2016-05-11 01:59:30.537,EPSS/CISA/Metasploit
CVE-2016-0489,0.0,0.95167,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action.",2016-01-21 03:00:37.540,EPSS
CVE-2016-0491,0.0,0.95953,Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.,2016-01-21 03:00:39.387,EPSS/Metasploit
CVE-2016-0492,0.0,0.97121,"Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.",2016-01-21 03:00:40.353,EPSS/Metasploit
CVE-2016-0709,0.0,0.21714,"Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by ""../../webapps/x.jsp.""",2016-04-11 14:59:01.677,Metasploit
CVE-2016-0710,0.0,0.1189,Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.,2016-04-11 14:59:03.160,Metasploit
CVE-2016-0752,0.0,0.97361,"Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.",2016-02-16 02:59:06.783,EPSS/CISA/Metasploit
CVE-2016-0792,0.0,0.97164,"Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.",2016-04-07 23:59:03.957,EPSS/Metasploit
CVE-2016-0800,0.0,0.95243,"The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ""DROWN"" attack.",2016-03-01 20:59:00.253,EPSS/Metasploit
CVE-2016-0854,0.0,0.55337,Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.,2016-01-15 03:59:16.407,Metasploit
CVE-2016-0957,0.0,0.03344,"Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.",2016-02-10 20:59:09.967,Nuclei
CVE-2016-0984,8.8,0.06494,"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.",2016-02-10 20:59:32.563,CISA
CVE-2016-1000126,0.0,0.00119,Reflected XSS in wordpress plugin admin-font-editor v1.8,2016-10-10 20:59:00.173,Nuclei
CVE-2016-1000127,0.0,0.00119,Reflected XSS in wordpress plugin ajax-random-post v2.00,2016-10-10 20:59:01.563,Nuclei
CVE-2016-1000128,0.0,0.00142,Reflected XSS in wordpress plugin anti-plagiarism v3.60,2016-10-10 20:59:03.000,Nuclei
CVE-2016-1000129,0.0,0.00119,Reflected XSS in wordpress plugin defa-online-image-protector v3.3,2016-10-10 20:59:04.080,Nuclei
CVE-2016-1000130,0.0,0.00093,Reflected XSS in wordpress plugin e-search v1.0,2016-10-10 20:59:05.220,Nuclei
CVE-2016-1000131,0.0,0.00142,Reflected XSS in wordpress plugin e-search v1.0,2016-10-10 20:59:06.457,Nuclei
CVE-2016-1000132,0.0,0.00116,Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8,2016-10-10 20:59:07.783,Nuclei
CVE-2016-1000133,0.0,0.00142,Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1,2016-10-10 20:59:09.080,Nuclei
CVE-2016-1000134,0.0,0.00142,Reflected XSS in wordpress plugin hdw-tube v1.2,2016-10-10 20:59:10.190,Nuclei
CVE-2016-1000135,0.0,0.00142,Reflected XSS in wordpress plugin hdw-tube v1.2,2016-10-10 20:59:11.313,Nuclei
CVE-2016-1000136,0.0,0.00119,Reflected XSS in wordpress plugin heat-trackr v1.0,2016-10-10 20:59:12.517,Nuclei
CVE-2016-1000137,0.0,0.00142,Reflected XSS in wordpress plugin hero-maps-pro v2.1.0,2016-10-10 20:59:13.550,Nuclei
CVE-2016-1000138,0.0,0.00119,Reflected XSS in wordpress plugin indexisto v1.0.5,2016-10-10 20:59:14.643,Nuclei
CVE-2016-1000139,0.0,0.00116,Reflected XSS in wordpress plugin infusionsoft v1.5.11,2016-10-10 20:59:15.753,Nuclei
CVE-2016-1000140,0.0,0.00119,Reflected XSS in wordpress plugin new-year-firework v1.1.9,2016-10-10 20:59:17.003,Nuclei
CVE-2016-1000141,0.0,0.00142,Reflected XSS in wordpress plugin page-layout-builder v1.9.3,2016-10-10 20:59:18.097,Nuclei
CVE-2016-1000142,0.0,0.00103,Reflected XSS in wordpress plugin parsi-font v4.2.5,2016-10-10 20:59:19.300,Nuclei
CVE-2016-1000143,0.0,0.00142,Reflected XSS in wordpress plugin photoxhibit v2.1.8,2016-10-10 20:59:20.470,Nuclei
CVE-2016-1000146,0.0,0.00119,Reflected XSS in wordpress plugin pondol-formmail v1.1,2016-10-10 20:59:24.160,Nuclei
CVE-2016-1000148,0.0,0.00119,Reflected XSS in wordpress plugin s3-video v0.983,2016-10-10 20:59:26.567,Nuclei
CVE-2016-1000149,0.0,0.00119,Reflected XSS in wordpress plugin simpel-reserveren v3.5.2,2016-10-10 20:59:27.567,Nuclei
CVE-2016-1000152,0.0,0.00353,Reflected XSS in wordpress plugin tidio-form v1.0,2016-10-10 20:59:30.673,Nuclei
CVE-2016-1000153,0.0,0.00142,Reflected XSS in wordpress plugin tidio-gallery v1.1,2016-10-10 20:59:31.877,Nuclei
CVE-2016-1000154,0.0,0.00142,Reflected XSS in wordpress plugin whizz v1.0.7,2016-10-10 20:59:32.940,Nuclei
CVE-2016-1000155,0.0,0.00103,Reflected XSS in wordpress plugin wpsolr-search-engine v7.6,2016-10-10 20:59:33.940,Nuclei
CVE-2016-1000282,0.0,0.00648,Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.,2019-02-05 17:29:00.233,Metasploit
CVE-2016-10033,9.8,0.97129,"The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \"" (backslash double quote) in a crafted Sender property.",2016-12-30 19:59:00.137,EPSS/Nuclei
CVE-2016-10034,0.0,0.96408,"The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \"" (backslash double quote) in a crafted e-mail address.",2016-12-30 19:59:00.217,EPSS
CVE-2016-10045,9.8,0.96686,The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.,2016-12-30 19:59:00.247,EPSS/Metasploit
CVE-2016-10073,0.0,0.00798,"The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.",2017-05-23 04:29:01.180,Metasploit
CVE-2016-1008,0.0,0.96115,"Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",2016-03-09 11:59:38.390,EPSS
CVE-2016-1010,8.8,0.94129,"Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.",2016-03-12 15:59:25.090,CISA
CVE-2016-10108,0.0,0.84634,Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.,2017-01-03 06:59:00.230,Metasploit/Nuclei
CVE-2016-10134,0.0,0.04476,SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.,2017-02-17 02:59:10.623,Metasploit/Nuclei
CVE-2016-10174,0.0,0.97165,The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.,2017-01-30 04:59:00.157,EPSS/CISA/Metasploit
CVE-2016-10175,0.0,0.10556,"The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.",2017-01-30 04:59:00.203,Metasploit
CVE-2016-10176,0.0,0.29595,"The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.",2017-01-30 04:59:00.250,Metasploit
CVE-2016-1019,9.8,0.95317,"Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.",2016-04-07 10:59:01.447,EPSS/CISA
CVE-2016-10225,7.8,0.00053,"The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending ""rootmydevice"" to /proc/sunxi_debug/sunxi_debug.",2017-03-27 17:59:00.383,Metasploit
CVE-2016-10367,0.0,0.01001,"In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.",2017-05-03 10:59:00.240,Nuclei
CVE-2016-10368,0.0,0.00153,"Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI.",2017-05-03 10:59:00.270,Nuclei
CVE-2016-10372,0.0,0.97332,"The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.",2017-05-16 14:29:02.010,EPSS/Metasploit
CVE-2016-10709,0.0,0.49337,"pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.",2018-01-22 04:29:00.203,Metasploit
CVE-2016-10924,0.0,0.01089,The ebook-download plugin before 1.2 for WordPress has directory traversal.,2019-08-22 14:15:11.680,Nuclei
CVE-2016-10940,7.2,0.00703,The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.,2019-09-13 12:15:10.830,Nuclei
CVE-2016-10956,7.5,0.01135,The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.,2019-09-16 12:15:10.037,Nuclei
CVE-2016-10960,8.8,0.02322,The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.,2019-09-16 13:15:10.510,Nuclei
CVE-2016-10973,6.1,0.00177,The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.,2019-09-16 17:15:12.997,Nuclei
CVE-2016-10993,5.4,0.00245,The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.,2019-09-17 15:15:12.910,Nuclei
CVE-2016-11021,7.2,0.96298,setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.,2020-03-09 01:15:10.780,EPSS/CISA
CVE-2016-1209,0.0,0.92948,The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.,2016-05-14 15:59:03.020,Metasploit
CVE-2016-1240,0.0,0.00043,"The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.",2016-10-03 15:59:00.207,Metasploit
CVE-2016-1287,0.0,0.9688,"Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019.",2016-02-11 18:59:00.137,EPSS
CVE-2016-1524,0.0,0.95808,"Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.",2016-02-13 02:59:09.900,EPSS/Metasploit
CVE-2016-1525,0.0,0.26421,Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.,2016-02-13 02:59:10.900,Metasploit
CVE-2016-1531,0.0,0.00057,"Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.",2016-04-07 23:59:04.847,Metasploit
CVE-2016-1542,0.0,0.33888,"The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.",2016-06-13 14:59:00.150,Metasploit
CVE-2016-1543,0.0,0.33888,"The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.",2016-06-13 14:59:01.540,Metasploit
CVE-2016-1555,0.0,0.97355,"(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.",2017-04-21 15:59:00.333,EPSS/CISA/Metasploit/Nuclei
CVE-2016-1560,0.0,0.01572,"ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.",2017-04-21 20:59:00.447,Metasploit
CVE-2016-1561,0.0,0.01061,"ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.",2017-04-21 20:59:00.477,Metasploit
CVE-2016-1593,0.0,0.86816,Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.,2016-04-22 10:59:00.123,Metasploit
CVE-2016-1646,0.0,0.04289,"The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.",2016-03-29 10:59:00.160,CISA
CVE-2016-1713,0.0,0.00552,"Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.",2017-04-14 18:59:00.237,Metasploit
CVE-2016-1909,0.0,0.68188,"Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.",2016-01-15 20:59:00.100,Metasploit
CVE-2016-1960,0.0,0.96256,"Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.",2016-03-13 18:59:09.617,EPSS
CVE-2016-20017,9.8,0.01402,"D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.",2022-10-19 05:15:08.817,CISA
CVE-2016-2004,0.0,0.36944,"HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.",2016-04-21 11:00:04.743,Metasploit/Nuclei
CVE-2016-2055,0.0,0.89416,"xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a ""config"" command.",2016-04-13 16:59:05.440,Metasploit
CVE-2016-2056,0.0,0.77016,"xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.",2016-04-13 16:59:06.550,Metasploit
CVE-2016-2098,0.0,0.94666,"Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.",2016-04-07 23:59:06.643,Metasploit
CVE-2016-2107,5.9,0.96737,"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",2016-05-05 01:59:03.200,EPSS
CVE-2016-2203,0.0,0.00099,The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.,2016-04-22 18:59:05.223,Metasploit
CVE-2016-2296,0.0,0.38966,"Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for ""post-admin"" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.",2016-05-14 16:59:02.227,Metasploit
CVE-2016-2298,0.0,0.00536,"Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.",2016-05-14 16:59:04.243,Metasploit
CVE-2016-2386,9.8,0.3317,"SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.",2016-02-16 15:59:00.133,CISA
CVE-2016-2388,5.3,0.01258,"The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.",2016-02-16 15:59:02.103,CISA
CVE-2016-2389,0.0,0.22139,"Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.",2016-02-16 15:59:03.023,Nuclei
CVE-2016-2555,0.0,0.81979,SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.,2017-04-13 14:59:01.637,Metasploit
CVE-2016-2569,0.0,0.95672,"Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.",2016-02-27 05:59:03.843,EPSS
CVE-2016-2776,0.0,0.97182,"buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.",2016-09-28 10:59:00.157,EPSS/Metasploit
CVE-2016-3081,0.0,0.97524,"Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.",2016-04-26 14:59:02.207,EPSS/Metasploit/Nuclei
CVE-2016-3082,0.0,0.95903,"XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.",2016-04-26 14:59:03.190,EPSS
CVE-2016-3087,0.0,0.46493,"Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.",2016-06-07 18:59:02.713,Metasploit
CVE-2016-3088,0.0,0.83955,The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.,2016-06-01 20:59:04.123,CISA/Metasploit/Nuclei
CVE-2016-3213,0.0,0.90962,"The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka ""WPAD Elevation of Privilege Vulnerability.""",2016-06-16 01:59:17.713,Metasploit
CVE-2016-3235,0.0,0.01552,"Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka ""Microsoft Office OLE DLL Side Loading Vulnerability.""",2016-06-16 01:59:36.983,CISA/Metasploit
CVE-2016-3236,0.0,0.91821,"The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka ""Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability.""",2016-06-16 01:59:37.967,Metasploit
CVE-2016-3247,0.0,0.95224,"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Microsoft Browser Memory Corruption Vulnerability.""",2016-09-14 10:59:04.463,EPSS
CVE-2016-3298,0.0,0.95607,"Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka ""Internet Explorer Information Disclosure Vulnerability.""",2016-10-14 02:59:13.893,EPSS/CISA
CVE-2016-3309,0.0,0.00056,"The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability,"" a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.",2016-08-09 21:59:16.113,CISA
CVE-2016-3321,0.0,0.00076,"Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka ""Internet Explorer Information Disclosure Vulnerability.""",2016-08-09 21:59:28.553,Metasploit
CVE-2016-3325,0.0,0.96407,"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",2016-09-14 10:59:15.917,EPSS
CVE-2016-3351,0.0,0.10115,"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka ""Microsoft Browser Information Disclosure Vulnerability.""",2016-09-14 10:59:24.357,CISA
CVE-2016-3393,0.0,0.45639,"Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Windows Graphics Component RCE Vulnerability.""",2016-10-14 02:59:30.290,CISA
CVE-2016-3427,0.0,0.08293,"Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",2016-04-21 11:00:21.667,CISA
CVE-2016-3510,0.0,0.03351,"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.",2016-07-21 10:13:03.353,Metasploit/Nuclei
CVE-2016-3643,0.0,0.00123,"SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by ""sudo cat /etc/passwd.""",2016-06-17 15:59:02.257,CISA
CVE-2016-3714,0.0,0.96804,"The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka ""ImageTragick.""",2016-05-05 18:59:03.273,EPSS/Metasploit
CVE-2016-3715,0.0,0.97127,The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.,2016-05-05 18:59:04.727,EPSS/CISA
CVE-2016-3718,0.0,0.92903,The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.,2016-05-05 18:59:08.960,CISA
CVE-2016-3976,7.5,0.97405,"Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.",2016-04-07 23:59:10.797,EPSS/CISA
CVE-2016-3978,0.0,0.00257,"The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the ""redirect"" parameter to ""login.""",2016-04-08 14:59:07.913,Nuclei
CVE-2016-4010,0.0,0.94851,Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.,2017-01-23 21:59:01.300,Metasploit
CVE-2016-4117,0.0,0.97395,"Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.",2016-05-11 01:59:46.137,EPSS/CISA/Metasploit
CVE-2016-4171,9.8,0.15603,"Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.",2016-06-16 14:59:51.017,CISA
CVE-2016-4350,0.0,0.96429,"Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler (formerly Storage Manager (STM)) before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2) winEventId or (3) winEventLog parameter in the WindowsEventLogsServlet servlet; the (4) processOS parameter in the ProcessesServlet servlet; the (5) group, (6) groupName, or (7) clientName parameter in the BackupExceptionsServlet servlet; the (8) valDB or (9) valFS parameter in the BackupAssociationServlet servlet; the (10) orderBy or (11) orderDir parameter in the HostStorageServlet servlet; the (12) fileName, (13) sortField, or (14) sortDirection parameter in the DuplicateFilesServlet servlet; the (15) orderFld or (16) orderDir parameter in the QuantumMonitorServlet servlet; the (17) exitCode parameter in the NbuErrorMessageServlet servlet; the (18) udfName, (19) displayName, (20) udfDescription, (21) udfDataValue, (22) udfSectionName, or (23) udfId parameter in the UserDefinedFieldConfigServlet servlet; the (24) sortField or (25) sortDirection parameter in the XiotechMonitorServlet servlet; the (26) sortField or (27) sortDirection parameter in the BexDriveUsageSummaryServlet servlet; the (28) state parameter in the ScriptServlet servlet; the (29) assignedNames parameter in the FileActionAssignmentServlet servlet; the (30) winEventSource parameter in the WindowsEventLogsServlet servlet; or the (31) name, (32) ipOne, (33) ipTwo, or (34) ipThree parameter in the XiotechMonitorServlet servlet.",2016-05-09 20:59:04.790,EPSS
CVE-2016-4437,0.0,0.9749,"Apache Shiro before 1.2.5, when a cipher key has not been configured for the ""remember me"" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.",2016-06-07 14:06:13.247,EPSS/CISA/Metasploit/Nuclei
CVE-2016-4465,0.0,0.959,The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.,2016-07-04 22:59:10.117,EPSS
CVE-2016-4523,0.0,0.27062,The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.,2016-06-09 10:59:04.073,CISA
CVE-2016-4557,7.8,0.00088,"The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.",2016-05-23 10:59:03.707,Metasploit
CVE-2016-4655,0.0,0.86873,The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.,2016-08-25 21:59:00.133,CISA/Metasploit
CVE-2016-4656,0.0,0.00911,The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.,2016-08-25 21:59:01.087,CISA/Metasploit
CVE-2016-4657,0.0,0.86233,WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.,2016-08-25 21:59:02.150,CISA/Metasploit
CVE-2016-4669,0.0,0.00042,"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the ""Kernel"" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.",2017-02-20 08:59:00.510,Metasploit
CVE-2016-4971,8.8,0.95507,GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.,2016-06-30 17:59:07.893,EPSS
CVE-2016-4975,0.0,0.00399,"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the ""Location"" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",2018-08-14 12:29:00.220,Nuclei
CVE-2016-4977,0.0,0.04558,"When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.",2017-05-25 17:29:00.707,Nuclei
CVE-2016-4997,7.8,0.00044,The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.,2016-07-03 21:59:16.057,Metasploit
CVE-2016-4998,0.0,0.00044,The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.,2016-07-03 21:59:17.167,Metasploit
CVE-2016-5195,7.8,0.87936,"Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka ""Dirty COW.""",2016-11-10 21:59:00.197,CISA
CVE-2016-5198,0.0,0.03967,"V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.",2017-01-19 05:59:00.213,CISA
CVE-2016-5312,0.0,0.96232,Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.,2017-04-14 18:59:00.640,EPSS
CVE-2016-5330,7.8,0.02044,"Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.",2016-08-08 01:59:16.463,Metasploit
CVE-2016-5425,7.8,0.00129,"The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.",2016-10-13 14:59:07.517,Metasploit
CVE-2016-5649,0.0,0.17436,"A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface.",2018-07-24 15:29:00.280,Nuclei
CVE-2016-5674,0.0,0.95793,"__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.",2016-08-31 15:59:00.153,EPSS/Metasploit/Nuclei
CVE-2016-5675,0.0,0.38241,"handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.",2016-08-31 15:59:01.653,Metasploit
CVE-2016-5676,0.0,0.09414,"cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.",2016-08-31 15:59:02.657,Metasploit
CVE-2016-5734,0.0,0.91859,"phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.",2016-07-03 01:59:24.753,Metasploit
CVE-2016-5810,0.0,0.00226,upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.,2017-05-02 14:59:00.487,Metasploit
CVE-2016-6195,0.0,0.00284,"SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.",2016-08-30 19:59:00.127,Nuclei
CVE-2016-6210,0.0,0.10737,"sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",2017-02-13 17:59:00.153,Metasploit
CVE-2016-6253,0.0,0.0009,"mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.",2017-01-20 15:59:00.567,Metasploit
CVE-2016-6267,8.8,0.91739,"SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php.",2017-01-30 22:59:00.577,Metasploit
CVE-2016-6277,0.0,0.97459,"NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.",2016-12-14 16:59:00.350,EPSS/CISA/Metasploit/Nuclei
CVE-2016-6366,0.0,0.97432,"Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.",2016-08-18 18:59:00.117,EPSS/CISA/Metasploit
CVE-2016-6367,0.0,0.97507,"Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.",2016-08-18 18:59:01.463,EPSS/CISA
CVE-2016-6415,7.5,0.97286,"The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.",2016-09-19 01:59:06.167,EPSS/CISA/Metasploit
CVE-2016-6433,8.8,0.22633,"The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.",2016-10-06 10:59:14.337,Metasploit
CVE-2016-6435,0.0,0.84922,"The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.",2016-10-06 10:59:16.460,Metasploit
CVE-2016-6563,0.0,0.96689,"Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.",2018-07-13 20:29:01.003,EPSS/Metasploit
CVE-2016-6600,0.0,0.97488,Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.,2017-01-23 21:59:02.173,EPSS/Metasploit
CVE-2016-6601,0.0,0.97496,Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.,2017-01-23 21:59:02.220,EPSS/Nuclei
CVE-2016-6602,0.0,0.03611,"ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml.  NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.",2017-01-23 21:59:02.267,Metasploit
CVE-2016-6603,0.0,0.95202,ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.,2017-01-23 21:59:02.313,EPSS
CVE-2016-6883,0.0,0.00264,MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.,2017-03-03 16:59:00.310,Metasploit
CVE-2016-6897,0.0,0.00332,"Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.",2017-01-18 21:59:00.307,Metasploit
CVE-2016-6909,0.0,0.9619,"Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.",2016-08-24 16:30:00.137,EPSS
CVE-2016-7190,0.0,0.9593,"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.",2016-10-14 02:59:37.060,EPSS
CVE-2016-7193,0.0,0.74575,"Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka ""Microsoft Office Memory Corruption Vulnerability.""",2016-10-14 02:59:38.013,CISA
CVE-2016-7194,0.0,0.95152,"The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190.",2016-10-14 02:59:39.200,EPSS
CVE-2016-7200,0.0,0.97163,"The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.",2016-11-10 06:59:15.733,EPSS/CISA
CVE-2016-7201,0.0,0.97163,"The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Scripting Engine Memory Corruption Vulnerability,"" a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.",2016-11-10 06:59:16.810,EPSS/CISA
CVE-2016-7255,0.0,0.00711,"The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",2016-11-10 07:00:09.460,CISA
CVE-2016-7256,0.0,0.44761,"atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka ""Open Type Font Remote Code Execution Vulnerability.""",2016-11-10 07:00:10.537,CISA
CVE-2016-7262,0.0,0.94132,"Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka ""Microsoft Office Security Feature Bypass Vulnerability.""",2016-12-20 06:59:00.373,CISA
CVE-2016-7434,7.5,0.96455,The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.,2017-01-13 16:59:00.557,EPSS
CVE-2016-7456,0.0,0.0834,"VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.",2016-12-29 09:59:00.540,Metasploit
CVE-2016-7547,0.0,0.11087,A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.,2017-04-12 10:59:00.183,Metasploit
CVE-2016-7552,0.0,0.96711,"On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.",2017-04-12 10:59:00.230,EPSS/Metasploit/Nuclei
CVE-2016-7834,0.0,0.00186,"SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device.",2017-04-13 17:59:00.653,Nuclei
CVE-2016-7855,0.0,0.11069,"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",2016-11-01 22:59:00.167,CISA
CVE-2016-7892,8.8,0.03636,"Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.",2016-12-15 06:59:56.313,CISA
CVE-2016-7976,0.0,0.03578,The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.,2017-08-07 20:29:01.090,Metasploit
CVE-2016-7981,0.0,0.00258,Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.,2017-01-18 17:59:00.873,Nuclei
CVE-2016-8207,0.0,0.95678,A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.,2017-01-14 19:59:00.307,EPSS
CVE-2016-8527,0.0,0.00117,"Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.",2018-08-06 20:29:00.850,Nuclei
CVE-2016-8562,0.0,0.00809,"A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.",2016-11-18 21:59:02.033,CISA
CVE-2016-8581,0.0,0.00489,A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.,2016-10-28 15:59:05.047,Metasploit
CVE-2016-8582,0.0,0.96284,A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.,2016-10-28 15:59:06.407,EPSS/Metasploit
CVE-2016-8655,7.8,0.00043,"Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.",2016-12-08 08:59:00.177,Metasploit
CVE-2016-8735,0.0,0.25115,"Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.",2017-04-06 21:59:00.243,CISA
CVE-2016-8864,7.5,0.9507,"named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.",2016-11-02 17:59:00.187,EPSS
CVE-2016-8869,0.0,0.92929,The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.,2016-11-04 21:59:07.553,Metasploit
CVE-2016-8870,0.0,0.91424,"The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.",2016-11-04 21:59:08.677,Metasploit
CVE-2016-9079,0.0,0.95868,"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.",2018-06-11 21:29:01.797,EPSS/CISA/Metasploit
CVE-2016-9244,0.0,0.95735,A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.,2017-02-09 15:59:01.300,EPSS
CVE-2016-9299,0.0,0.6329,"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.",2017-01-12 23:59:00.527,Metasploit
CVE-2016-9563,6.5,0.91883,"BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.",2016-11-23 02:59:06.370,CISA
CVE-2016-9722,0.0,0.0007,IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.,2018-01-10 17:29:00.420,Metasploit
CVE-2017-0001,0.0,0.00085,"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka ""Windows GDI Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047.",2017-03-17 00:59:00.167,CISA
CVE-2017-0004,0.0,0.95523,"The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka ""Local Security Authority Subsystem Service Denial of Service Vulnerability.""",2017-01-10 21:59:00.197,EPSS
CVE-2017-0005,0.0,0.00122,"The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka ""Windows GDI Elevation of Privilege Vulnerability."" This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.",2017-03-17 00:59:00.197,CISA
CVE-2017-0022,0.0,0.96787,"Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka ""Microsoft XML Information Disclosure Vulnerability.""",2017-03-17 00:59:00.680,EPSS/CISA
CVE-2017-0037,0.0,0.97275,"Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.",2017-02-26 23:59:00.150,EPSS/CISA
CVE-2017-0038,0.0,0.97106,"gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.",2017-02-20 16:59:00.143,EPSS
CVE-2017-0059,0.0,0.97421,"Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka ""Internet Explorer Information Disclosure Vulnerability."" This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.",2017-03-17 00:59:01.523,EPSS/CISA
CVE-2017-0101,0.0,0.00148,"The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Windows Elevation of Privilege Vulnerability.""",2017-03-17 00:59:02.743,CISA
CVE-2017-0143,0.0,0.97344,"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",2017-03-17 00:59:03.977,EPSS/CISA
CVE-2017-0144,0.0,0.97418,"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.",2017-03-17 00:59:04.010,EPSS/CISA
CVE-2017-0145,0.0,0.97331,"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.",2017-03-17 00:59:04.040,EPSS/CISA
CVE-2017-0146,0.0,0.97193,"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.",2017-03-17 00:59:04.070,EPSS/CISA
CVE-2017-0147,0.0,0.97059,"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka ""Windows SMB Information Disclosure Vulnerability.""",2017-03-17 00:59:04.087,EPSS/CISA
CVE-2017-0148,0.0,0.97221,"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka ""Windows SMB Remote Code Execution Vulnerability."" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.",2017-03-17 00:59:04.150,EPSS/CISA
CVE-2017-0149,0.0,0.09474,"Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka ""Internet Explorer Memory Corruption Vulnerability."" This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.",2017-03-17 00:59:04.180,CISA
CVE-2017-0199,0.0,0.97449,"Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka ""Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.""",2017-04-12 14:59:01.157,EPSS/CISA/Metasploit
CVE-2017-0210,0.0,0.00397,"An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka ""Internet Explorer Elevation of Privilege Vulnerability.""",2017-04-12 14:59:01.420,CISA
CVE-2017-0213,0.0,0.0102,"Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka ""Windows COM Elevation of Privilege Vulnerability"". This CVE ID is unique from CVE-2017-0214.",2017-05-12 14:29:01.393,CISA
CVE-2017-0222,0.0,0.2022,"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This CVE ID is unique from CVE-2017-0226.",2017-05-12 14:29:02.143,CISA
CVE-2017-0261,0.0,0.95407,"Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.",2017-05-12 14:29:04.987,EPSS/CISA
CVE-2017-0262,0.0,0.42171,"Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka ""Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.",2017-05-12 14:29:05.037,CISA
CVE-2017-0263,0.0,0.01703,"The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka ""Win32k Elevation of Privilege Vulnerability.""",2017-05-12 14:29:05.097,CISA
CVE-2017-0358,0.0,0.00126,"Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.",2018-04-13 15:29:00.397,Metasploit
CVE-2017-0372,0.0,0.83537,"Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.",2018-04-13 16:29:00.940,Metasploit
CVE-2017-0929,0.0,0.00753,DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.,2018-07-03 21:29:00.370,Nuclei
CVE-2017-1000028,0.0,0.97516,"Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.",2017-07-17 13:18:16.813,EPSS/Metasploit/Nuclei
CVE-2017-1000029,0.0,0.00384,"Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.",2017-07-17 13:18:16.860,Nuclei
CVE-2017-1000083,0.0,0.22226,"backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a ""--"" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.",2017-09-05 06:29:00.180,Metasploit
CVE-2017-1000112,7.0,0.00089,"Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 (""[IPv4/IPv6]: UFO Scatter-gather approach"") on Oct 18 2005.",2017-10-05 01:29:04.477,Metasploit
CVE-2017-1000117,0.0,0.5518,"A malicious third-party can give a crafted ""ssh://..."" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running ""git clone --recurse-submodules"" to trigger the vulnerability.",2017-10-05 01:29:04.650,Metasploit
CVE-2017-1000119,0.0,0.78716,October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.,2017-10-05 01:29:04.727,Metasploit
CVE-2017-1000163,0.0,0.00139,"The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.",2017-11-17 21:29:00.230,Nuclei
CVE-2017-1000170,7.5,0.70305,jqueryFileTree 2.1.5 and older Directory Traversal,2017-11-17 18:29:00.297,Nuclei
CVE-2017-1000353,9.8,0.97037,"Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.",2018-01-29 17:29:00.193,EPSS/Metasploit
CVE-2017-1000364,0.0,0.00241,"An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be ""jumped"" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).",2017-06-19 16:29:00.233,Metasploit
CVE-2017-1000385,0.0,0.00277,The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).,2017-12-12 21:29:00.213,Metasploit
CVE-2017-1000479,0.0,0.01151,"pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under ""possibly insecure"" suspicions.",2018-01-03 18:29:00.323,Metasploit
CVE-2017-1000486,0.0,0.97013,Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution,2018-01-03 20:29:00.643,EPSS/CISA/Nuclei
CVE-2017-1001000,0.0,0.45568,"The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.",2017-04-03 01:59:00.227,Metasploit
CVE-2017-10075,0.0,0.00451,"Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",2017-08-08 15:29:02.367,Nuclei
CVE-2017-10271,0.0,0.97384,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",2017-10-19 17:29:01.747,EPSS/CISA/Metasploit/Nuclei
CVE-2017-1092,0.0,0.96625,"IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.",2017-05-22 20:29:00.203,EPSS/Metasploit
CVE-2017-10974,0.0,0.96161,Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.,2017-07-07 11:29:00.230,EPSS/Nuclei
CVE-2017-11165,0.0,0.94336,dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.,2017-07-12 12:29:00.190,Nuclei
CVE-2017-1129,0.0,0.90554,"IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.",2017-09-05 21:29:00.253,Metasploit
CVE-2017-11292,8.8,0.04389,"Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.",2017-10-22 19:29:00.237,CISA
CVE-2017-1130,0.0,0.8881,"IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.",2017-09-05 21:29:00.283,Metasploit
CVE-2017-11317,0.0,0.15702,"Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.",2017-08-23 17:29:00.177,CISA/Metasploit
CVE-2017-11357,0.0,0.9516,"Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.",2017-08-23 17:29:00.227,EPSS/CISA
CVE-2017-11394,0.0,0.64708,Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.,2017-08-03 15:29:00.437,Metasploit
CVE-2017-11444,0.0,0.01662,Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.,2017-07-19 07:29:00.377,Nuclei
CVE-2017-11467,0.0,0.32803,"OrientDB through 2.2.22 does not enforce privilege requirements during ""where"" or ""fetchplan"" or ""order by"" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.",2017-07-20 00:29:00.433,Metasploit
CVE-2017-11512,0.0,0.97175,The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.,2017-11-08 22:29:00.403,EPSS/Nuclei
CVE-2017-11517,0.0,0.86132,Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.,2017-07-21 20:29:00.177,Metasploit
CVE-2017-11586,0.0,0.00121,"dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.",2017-07-24 00:29:00.540,Nuclei
CVE-2017-11610,0.0,0.97476,"The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.",2017-08-23 14:29:00.237,EPSS/Metasploit/Nuclei
CVE-2017-11629,0.0,0.001,dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.,2017-07-26 08:29:00.243,Nuclei
CVE-2017-11774,0.0,0.8605,"Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka ""Microsoft Outlook Security Feature Bypass Vulnerability.""",2017-10-13 13:29:00.427,CISA
CVE-2017-11826,0.0,0.95521,"Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.",2017-10-13 13:29:02.067,EPSS/CISA
CVE-2017-11882,7.8,0.97437,"Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-11884.",2017-11-15 03:29:01.890,EPSS/CISA/Metasploit
CVE-2017-12138,0.0,0.00062,XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.,2017-08-02 05:29:00.177,Nuclei
CVE-2017-12149,0.0,0.9719,"In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.",2017-10-04 21:01:00.180,EPSS/CISA/Metasploit/Nuclei
CVE-2017-12231,0.0,0.0036,"A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.",2017-09-29 01:34:48.747,CISA
CVE-2017-12232,0.0,0.0019,"A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.",2017-09-29 01:34:48.780,CISA
CVE-2017-12233,0.0,0.0036,"Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.",2017-09-29 01:34:48.827,CISA
CVE-2017-12234,0.0,0.0036,"Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.",2017-09-29 01:34:48.857,CISA
CVE-2017-12235,0.0,0.0036,"A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.",2017-09-29 01:34:48.890,CISA
CVE-2017-12237,0.0,0.0036,"A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277.",2017-09-29 01:34:48.967,CISA
CVE-2017-12238,0.0,0.0019,"A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.",2017-09-29 01:34:48.997,CISA
CVE-2017-12240,0.0,0.05178,"The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.",2017-09-29 01:34:49.077,CISA
CVE-2017-12243,0.0,0.95613,"A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.",2017-11-02 16:29:00.193,EPSS
CVE-2017-12285,0.0,0.96722,"A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.",2017-10-19 08:29:00.467,EPSS
CVE-2017-12319,0.0,0.00163,"A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.",2018-03-27 09:29:00.280,CISA
CVE-2017-12373,0.0,0.00149,"A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.",2017-12-15 20:29:00.207,Metasploit
CVE-2017-12477,9.8,0.59621,"It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.",2017-08-07 15:29:00.207,Metasploit
CVE-2017-12478,9.8,0.05288,It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.,2017-08-07 15:29:00.237,Metasploit
CVE-2017-12542,0.0,0.97236,A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.,2018-02-15 22:29:04.263,EPSS/Metasploit/Nuclei
CVE-2017-12544,0.0,0.96723,A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.,2018-02-15 22:29:04.373,EPSS/Nuclei
CVE-2017-12557,0.0,0.92326,A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.,2018-02-15 22:29:04.997,Metasploit
CVE-2017-12583,0.0,0.00088,DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.,2017-08-06 03:29:00.213,Nuclei
CVE-2017-12611,0.0,0.973,"In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.",2017-09-20 17:29:00.400,EPSS/Nuclei
CVE-2017-12615,0.0,0.96728,When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.,2017-09-19 13:29:00.190,EPSS/CISA/Nuclei
CVE-2017-12617,0.0,0.97501,"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",2017-10-04 01:29:02.120,EPSS/CISA/Metasploit/Nuclei
CVE-2017-12629,9.8,0.97427,"Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.",2017-10-14 23:29:00.260,EPSS/Nuclei
CVE-2017-12635,0.0,0.97374,"Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.",2017-11-14 20:29:00.200,EPSS/Nuclei
CVE-2017-12636,0.0,0.03129,"CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.",2017-11-14 20:29:00.247,Metasploit
CVE-2017-12637,7.5,0.0082,"Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.",2017-08-07 20:29:01.120,Nuclei
CVE-2017-12794,0.0,0.00219,"In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with ""DEBUG = True"" (which makes this page accessible) in your production settings.",2017-09-07 13:29:00.467,Nuclei
CVE-2017-13067,0.0,0.01575,QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.,2017-09-14 15:29:00.263,Metasploit
CVE-2017-13098,0.0,0.00558,"BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as ""ROBOT.""",2017-12-13 01:29:00.280,Metasploit
CVE-2017-13099,0.0,0.00573,"wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as ""ROBOT.""",2017-12-13 01:29:00.343,Metasploit
CVE-2017-13156,0.0,0.00098,"An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.",2017-12-06 14:29:01.003,Metasploit
CVE-2017-13696,0.0,0.96283,"A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request.",2018-01-24 15:29:01.057,EPSS
CVE-2017-13861,0.0,0.00255,"An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the ""IOSurface"" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",2017-12-25 21:29:14.137,Metasploit
CVE-2017-14016,0.0,0.16675,"A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.",2017-11-06 22:29:00.240,Metasploit
CVE-2017-14100,0.0,0.96119,"In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an ""externnotify"" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.",2017-09-02 16:29:00.333,EPSS
CVE-2017-14117,0.0,0.0304,"The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.",2017-09-03 19:29:00.330,Metasploit
CVE-2017-14135,0.0,0.96679,enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.,2017-09-04 23:29:00.173,EPSS/Nuclei
CVE-2017-14143,0.0,0.75904,"The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.",2017-09-19 15:29:01.053,Metasploit
CVE-2017-14186,0.0,0.02948,"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.",2017-11-29 19:29:00.273,Nuclei
CVE-2017-14524,0.0,0.00258,Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.,2017-09-28 01:29:01.480,Nuclei
CVE-2017-14535,8.8,0.04456,trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.,2018-02-16 04:29:00.213,Nuclei
CVE-2017-14537,6.5,0.01002,trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.,2018-02-16 04:29:00.337,Nuclei
CVE-2017-14622,0.0,0.00135,Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.,2017-09-28 01:29:01.653,Nuclei
CVE-2017-14627,0.0,0.56254,"Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.",2017-09-23 20:29:00.187,Metasploit
CVE-2017-14651,4.8,0.00144,WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.,2017-09-21 18:29:00.167,Nuclei
CVE-2017-14706,0.0,0.75192,"DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.",2017-09-22 18:29:00.250,Metasploit
CVE-2017-14849,0.0,0.96684,"Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to "".."" handling was incompatible with the pathname validation used by unspecified community modules.",2017-09-28 01:29:02.543,EPSS/Nuclei
CVE-2017-14937,0.0,0.00061,"The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment.",2017-10-20 14:29:00.193,Metasploit
CVE-2017-14980,0.0,0.08987,Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.,2017-10-10 01:30:22.033,Metasploit
CVE-2017-15222,9.8,0.58893,Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.,2017-10-24 17:29:00.433,Metasploit
CVE-2017-15287,0.0,0.00129,"There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the ""Name des Bouquets"" field, or the file parameter to the /file URI.",2017-10-12 15:29:00.373,Nuclei
CVE-2017-15363,7.5,0.04393,"Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.",2017-10-15 19:29:00.217,Nuclei
CVE-2017-15647,0.0,0.01752,"On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.",2017-10-19 22:29:00.357,Nuclei
CVE-2017-15715,0.0,0.96093,"In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",2018-03-26 15:29:00.287,EPSS/Nuclei
CVE-2017-15889,0.0,0.11909,Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.,2017-12-04 19:29:00.297,Metasploit
CVE-2017-15908,7.5,0.95505,"In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.",2017-10-26 14:29:00.207,EPSS
CVE-2017-15944,0.0,0.97346,"Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.",2017-12-11 17:29:00.490,EPSS/CISA/Metasploit/Nuclei
CVE-2017-16086,0.0,0.00907,ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.,2018-06-07 02:29:01.597,Metasploit
CVE-2017-16249,0.0,0.04168,"The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.",2017-11-10 02:29:18.607,Metasploit
CVE-2017-16524,0.0,0.50832,"Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.",2017-11-06 08:29:00.220,Metasploit
CVE-2017-16651,7.8,0.01484,"Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.",2017-11-09 14:29:00.267,CISA/Metasploit
CVE-2017-16666,0.0,0.43682,Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file.  NOTE: this issue can be exploited without authentication by leveraging the user registration feature.,2018-01-05 16:29:00.417,Metasploit
CVE-2017-16709,0.0,0.7161,Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.,2018-07-11 16:29:00.487,Metasploit
CVE-2017-16806,0.0,0.07105,The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.,2017-11-13 21:29:00.283,Metasploit/Nuclei
CVE-2017-16877,0.0,0.00337,"ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.",2017-11-17 17:29:00.337,Nuclei
CVE-2017-16894,0.0,0.11608,"In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.",2017-11-20 01:29:00.227,Metasploit/Nuclei
CVE-2017-16995,7.8,0.00048,The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.,2017-12-27 17:08:17.670,Metasploit
CVE-2017-17043,0.0,0.00245,"The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter ""post"" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.",2017-11-28 22:29:00.233,Nuclei
CVE-2017-17059,0.0,0.00242,XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.,2017-11-29 17:29:00.277,Nuclei
CVE-2017-17105,0.0,0.86968,"Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time=""1504225666237""&-url=$(reboot) request.",2017-12-19 02:29:41.550,Metasploit
CVE-2017-17382,0.0,0.00304,"Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",2017-12-13 16:29:00.253,Metasploit
CVE-2017-17411,0.0,0.97373,This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.,2017-12-21 14:29:00.520,EPSS/Metasploit
CVE-2017-17427,0.0,0.00259,"Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (""Bleichenbacher attack""). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.",2017-12-13 16:29:00.317,Metasploit
CVE-2017-17428,0.0,0.00298,"Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.",2018-03-05 18:29:00.237,Metasploit
CVE-2017-17451,0.0,0.00178,The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.,2017-12-07 00:29:00.443,Nuclei
CVE-2017-17560,0.0,0.97244,"An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.",2017-12-12 18:29:00.230,EPSS/Metasploit
CVE-2017-17562,0.0,0.97455,"Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.",2017-12-12 19:29:00.207,EPSS/CISA/Metasploit/Nuclei
CVE-2017-17692,0.0,0.93267,Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.,2017-12-21 19:29:00.233,Metasploit
CVE-2017-17731,0.0,0.0581,DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.,2017-12-18 05:29:00.367,Nuclei
CVE-2017-17736,0.0,0.1483,Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.,2018-03-23 15:29:00.223,Nuclei
CVE-2017-17932,0.0,0.33418,A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.,2017-12-28 06:29:00.207,Metasploit
CVE-2017-17968,0.0,0.01398,A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.,2017-12-29 15:29:00.657,Metasploit
CVE-2017-18017,9.8,0.95385,"The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.",2018-01-03 06:29:00.517,EPSS
CVE-2017-18024,0.0,0.00074,"AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.",2018-01-10 18:29:01.337,Nuclei
CVE-2017-18044,0.0,0.0643,"A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to CreateProcess. As a result, a specially crafted message can inject commands that will be executed on the target operating system. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the cvd daemon. This is a different vulnerability than CVE-2017-3195.",2018-01-19 17:29:00.413,Metasploit
CVE-2017-18047,0.0,0.0484,Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.,2018-01-22 04:29:00.267,Metasploit
CVE-2017-18048,0.0,0.91164,"Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.",2018-01-23 06:29:00.213,Metasploit
CVE-2017-18357,0.0,0.33256,"Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.",2019-01-15 16:29:00.320,Metasploit
CVE-2017-18362,0.0,0.04496,"ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.",2019-02-05 06:29:00.233,CISA
CVE-2017-18368,0.0,0.97518,"The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.",2019-05-02 17:29:00.287,EPSS/CISA/Metasploit
CVE-2017-18369,0.0,0.93698,"The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.",2019-05-02 17:29:00.647,Metasploit
CVE-2017-18370,0.0,0.78168,"The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.",2019-05-02 17:29:00.880,Metasploit
CVE-2017-18371,0.0,0.02698,"The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.",2019-05-02 17:29:01.067,Metasploit
CVE-2017-18372,0.0,0.22109,"The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.",2019-05-02 17:29:01.257,Metasploit
CVE-2017-18487,0.0,0.00088,The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.,2019-08-13 18:15:11.790,Nuclei
CVE-2017-18490,0.0,0.00088,The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.,2019-08-13 17:15:13.157,Nuclei
CVE-2017-18491,0.0,0.00088,The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.,2019-08-13 17:15:13.220,Nuclei
CVE-2017-18492,0.0,0.00088,The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.,2019-08-13 17:15:13.297,Nuclei
CVE-2017-18493,0.0,0.00088,The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.,2019-08-13 17:15:13.360,Nuclei
CVE-2017-18494,0.0,0.00088,The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.,2019-08-13 17:15:13.423,Nuclei
CVE-2017-18496,0.0,0.00088,The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.,2019-08-13 17:15:13.577,Nuclei
CVE-2017-18500,0.0,0.00231,The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.,2019-08-12 16:15:13.040,Nuclei
CVE-2017-18501,0.0,0.00231,The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.,2019-08-12 16:15:13.117,Nuclei
CVE-2017-18502,0.0,0.00231,The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.,2019-08-12 16:15:13.213,Nuclei
CVE-2017-18505,0.0,0.00163,The twitter-plugin plugin before 2.55 for WordPress has XSS.,2019-08-12 16:15:13.477,Nuclei
CVE-2017-18516,0.0,0.00088,The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.,2019-08-21 19:15:12.467,Nuclei
CVE-2017-18517,0.0,0.00088,The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.,2019-08-20 15:15:11.870,Nuclei
CVE-2017-18518,0.0,0.00088,The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.,2019-08-20 16:15:11.407,Nuclei
CVE-2017-18527,0.0,0.00088,The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.,2019-08-20 16:15:12.110,Nuclei
CVE-2017-18528,0.0,0.00088,The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.,2019-08-20 16:15:12.220,Nuclei
CVE-2017-18529,0.0,0.00088,The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.,2019-08-20 16:15:12.283,Nuclei
CVE-2017-18530,0.0,0.00088,The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.,2019-08-20 16:15:12.377,Nuclei
CVE-2017-18532,0.0,0.00088,The realty plugin before 1.1.0 for WordPress has multiple XSS issues.,2019-08-20 16:15:12.533,Nuclei
CVE-2017-18536,0.0,0.00088,The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.,2019-08-21 12:15:10.887,Nuclei
CVE-2017-18537,0.0,0.00088,The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.,2019-08-21 12:15:10.947,Nuclei
CVE-2017-18542,0.0,0.00221,The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.,2019-08-16 21:15:10.690,Nuclei
CVE-2017-18556,0.0,0.00088,The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.,2019-08-21 13:15:11.860,Nuclei
CVE-2017-18557,0.0,0.00088,The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.,2019-08-21 13:15:11.923,Nuclei
CVE-2017-18558,0.0,0.00088,The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.,2019-08-21 13:15:11.987,Nuclei
CVE-2017-18562,0.0,0.00088,The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.,2019-08-21 19:15:12.827,Nuclei
CVE-2017-18564,0.0,0.00088,The sender plugin before 1.2.1 for WordPress has multiple XSS issues.,2019-08-21 18:15:11.117,Nuclei
CVE-2017-18565,0.0,0.00088,The updater plugin before 1.35 for WordPress has multiple XSS issues.,2019-08-21 13:15:12.127,Nuclei
CVE-2017-18566,0.0,0.00088,The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.,2019-08-20 16:15:13.157,Nuclei
CVE-2017-18598,6.1,0.00094,The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.,2019-09-10 11:15:10.987,Nuclei
CVE-2017-18638,7.5,0.00827,"send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.",2019-10-11 23:15:10.447,Nuclei
CVE-2017-2741,0.0,0.96168,"A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.",2018-01-23 16:29:00.787,EPSS/Metasploit
CVE-2017-2930,8.8,0.95478,Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.,2017-01-11 04:59:00.383,EPSS
CVE-2017-3248,0.0,0.97105,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).",2017-01-27 22:59:02.553,EPSS/Metasploit
CVE-2017-3506,7.4,0.8686,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",2017-04-24 19:59:03.037,CISA/Nuclei
CVE-2017-3528,0.0,0.00865,"Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",2017-04-24 19:59:03.770,Nuclei
CVE-2017-3599,0.0,0.95748,"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.",2017-04-24 19:59:05.973,EPSS
CVE-2017-3622,0.0,0.00104,"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3622 is assigned for the ""Extremeparr"". CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",2017-04-24 19:59:06.770,Metasploit
CVE-2017-3629,0.0,0.00067,"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",2017-06-22 13:29:00.203,Metasploit
CVE-2017-3630,0.0,0.00047,"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",2017-06-22 13:29:00.237,Metasploit
CVE-2017-3631,0.0,0.00047,"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",2017-06-22 13:29:00.267,Metasploit
CVE-2017-3730,0.0,0.95419,"In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.",2017-05-04 19:29:00.320,EPSS
CVE-2017-3823,0.0,0.87888,"An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.",2017-02-01 11:59:00.133,Metasploit
CVE-2017-3881,9.8,0.97481,"A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.",2017-03-17 22:59:00.640,EPSS/CISA/Metasploit/Nuclei
CVE-2017-4011,0.0,0.00142,Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.,2017-05-17 21:29:00.210,Nuclei
CVE-2017-4915,0.0,0.00107,VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.,2017-05-22 14:29:00.183,Metasploit
CVE-2017-5030,8.8,0.62243,"Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.",2017-04-24 23:59:00.190,CISA
CVE-2017-5070,8.8,0.22646,"Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",2017-10-27 05:29:00.847,CISA
CVE-2017-5146,0.0,0.00688,"An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.",2017-02-13 21:59:02.580,Metasploit
CVE-2017-5162,0.0,0.01552,An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.,2017-02-13 21:59:02.860,Metasploit
CVE-2017-5173,9.8,0.96226,"An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.",2017-05-19 03:29:00.183,EPSS
CVE-2017-5223,0.0,0.95092,"An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.",2017-01-16 06:59:00.197,EPSS
CVE-2017-5254,0.0,0.90298,"In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.",2017-12-20 22:29:00.307,Metasploit
CVE-2017-5259,0.0,0.02736,"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.",2017-12-20 22:29:00.510,Metasploit
CVE-2017-5260,0.0,0.00792,"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.",2017-12-20 22:29:00.557,Metasploit
CVE-2017-5261,0.0,0.02032,"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.",2017-12-20 22:29:00.603,Metasploit
CVE-2017-5262,0.0,0.0015,"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.",2017-12-20 22:29:00.637,Metasploit
CVE-2017-5521,0.0,0.97402,"An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.",2017-01-17 09:59:00.333,EPSS/CISA/Metasploit/Nuclei
CVE-2017-5631,0.0,0.00286,"An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., ""usr"") that is transmitted in the login.php query string.",2017-05-01 14:59:00.147,Nuclei
CVE-2017-5638,0.0,0.97546,"The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.",2017-03-11 02:59:00.150,EPSS/CISA/Metasploit/Nuclei
CVE-2017-5645,9.8,0.87384,"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.",2017-04-17 21:59:00.373,Nuclei
CVE-2017-5689,9.8,0.97395,"An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).",2017-05-02 14:59:00.520,EPSS/CISA/Metasploit/Nuclei
CVE-2017-5715,5.6,0.97515,Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.,2018-01-04 13:29:00.227,EPSS
CVE-2017-5753,5.6,0.97551,Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.,2018-01-04 13:29:00.257,EPSS
CVE-2017-5754,0.0,0.97384,Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.,2018-01-04 13:29:00.303,EPSS
CVE-2017-5816,0.0,0.96591,A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,2018-02-15 22:29:06.933,EPSS/Metasploit
CVE-2017-5817,0.0,0.93077,A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.,2018-02-15 22:29:06.980,Metasploit
CVE-2017-5930,2.7,0.00474,"The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.",2017-03-20 16:59:02.127,Metasploit
CVE-2017-5982,0.0,0.05175,"Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.",2017-02-28 18:59:00.500,Metasploit/Nuclei
CVE-2017-6048,0.0,0.00255,"A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system.",2017-05-19 03:29:00.543,Metasploit
CVE-2017-6077,0.0,0.96692,ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.,2017-02-22 23:59:00.190,EPSS/CISA
CVE-2017-6090,0.0,0.97204,"Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.",2017-10-03 01:29:03.187,EPSS/Metasploit/Nuclei
CVE-2017-6168,0.0,0.0026,"On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.",2017-11-17 19:29:00.217,Metasploit
CVE-2017-6187,0.0,0.37263,Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.,2017-02-22 23:59:00.220,Metasploit
CVE-2017-6316,0.0,0.96168,"Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.",2017-07-20 04:29:00.423,EPSS/CISA
CVE-2017-6326,0.0,0.34038,"The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.",2017-06-26 21:29:00.267,Metasploit
CVE-2017-6327,0.0,0.3799,"The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.",2017-08-11 20:29:00.207,CISA
CVE-2017-6334,0.0,0.96297,"dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.",2017-03-06 02:59:00.433,EPSS/CISA/Metasploit
CVE-2017-6361,0.0,0.9591,QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.,2017-03-23 16:59:00.747,EPSS
CVE-2017-6398,0.0,0.11157,"An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.",2017-03-14 09:59:00.363,Metasploit
CVE-2017-6416,0.0,0.02322,"An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka ""Service ready"") string.",2017-03-06 02:59:00.493,Metasploit
CVE-2017-6510,0.0,0.02115,Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.,2017-03-16 14:59:00.330,Metasploit
CVE-2017-6516,0.0,0.00076,A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.,2017-03-14 17:59:00.230,Metasploit
CVE-2017-6526,0.0,0.86443,An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).,2017-03-09 19:59:00.143,Metasploit
CVE-2017-6527,0.0,0.80993,An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).,2017-03-09 19:59:00.190,Metasploit
CVE-2017-6553,0.0,0.59858,Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.,2017-04-29 16:59:00.170,Metasploit
CVE-2017-6627,7.5,0.0036,"A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506.",2017-09-07 21:29:00.660,CISA
CVE-2017-6663,6.5,0.0019,"A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. More Information: CSCvd88936. Known Affected Releases: Denali-16.2.1 Denali-16.3.1.",2017-08-07 06:29:00.230,CISA
CVE-2017-6736,0.0,0.01303,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve57697.",2017-07-17 21:29:00.213,CISA
CVE-2017-6737,0.0,0.01589,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402.",2017-07-17 21:29:00.243,CISA
CVE-2017-6738,0.0,0.01589,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638.",2017-07-17 21:29:00.290,CISA
CVE-2017-6739,0.0,0.01589,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66540.",2017-07-17 21:29:00.337,CISA
CVE-2017-6740,0.0,0.01589,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601.",2017-07-17 21:29:00.370,CISA
CVE-2017-6742,0.0,0.01227,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313.",2017-07-17 21:29:00.447,CISA
CVE-2017-6743,8.8,0.01589,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027.",2017-07-17 21:29:00.477,CISA
CVE-2017-6744,0.0,0.03402,"The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.

 The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload. Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable.

   There are workarounds that address these vulnerabilities.",2017-07-17 21:29:00.510,CISA
CVE-2017-6862,0.0,0.19417,"NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.",2017-05-26 20:29:00.177,CISA
CVE-2017-6884,0.0,0.97378,"A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.",2017-04-06 17:59:00.163,EPSS/CISA
CVE-2017-7230,0.0,0.64573,A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.,2017-03-22 18:59:00.147,Metasploit
CVE-2017-7269,0.0,0.97121,"Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with ""If: <http://"" in a PROPFIND request, as exploited in the wild in July or August 2016.",2017-03-27 02:59:00.453,EPSS/CISA/Metasploit/Nuclei
CVE-2017-7308,7.8,0.00088,"The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.",2017-03-29 20:59:00.373,Metasploit
CVE-2017-7391,0.0,0.00195,A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.,2017-04-01 02:59:00.240,Nuclei
CVE-2017-7411,0.0,0.69105,"An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).",2017-10-30 14:29:00.877,Metasploit
CVE-2017-7442,0.0,0.95992,Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.,2017-08-03 08:29:00.307,EPSS/Metasploit
CVE-2017-7494,9.8,0.97264,"Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.",2017-05-30 18:29:00.190,EPSS/CISA/Metasploit
CVE-2017-7529,7.5,0.96283,Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.,2017-07-13 13:29:00.220,EPSS
CVE-2017-7581,0.0,0.93006,SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.,2017-04-07 19:59:00.200,Metasploit
CVE-2017-7615,8.8,0.97404,MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.,2017-04-16 14:59:00.147,EPSS/Metasploit/Nuclei
CVE-2017-7722,0.0,0.01111,"In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ""cmc"" and ""password"" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.",2017-04-12 16:59:00.180,Metasploit
CVE-2017-7855,0.0,0.00091,"In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the ""language"" parameter.",2017-08-31 21:29:00.233,Nuclei
CVE-2017-7918,0.0,0.00097,"An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.",2017-06-21 19:29:00.400,Metasploit
CVE-2017-7921,0.0,0.01361,"An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.",2017-05-06 00:29:00.350,Nuclei
CVE-2017-7922,0.0,0.00097,"An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.",2017-06-21 19:29:00.433,Metasploit
CVE-2017-7924,0.0,0.00205,"An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.",2017-09-20 16:29:00.863,Metasploit
CVE-2017-7925,0.0,0.35992,"A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.",2017-05-06 00:29:00.427,Nuclei
CVE-2017-8229,0.0,0.93383,"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary ""sonia"" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication.",2019-07-03 20:15:10.633,Nuclei
CVE-2017-8291,0.0,0.25459,"Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a ""/OutputFile (%pipe%"" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.",2017-04-27 01:59:02.057,CISA/Metasploit
CVE-2017-8461,7.8,0.30038,"Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka ""Windows RPC Remote Code Execution Vulnerability.""",2017-06-15 20:29:00.237,Metasploit
CVE-2017-8464,0.0,0.97464,"Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka ""LNK Remote Code Execution Vulnerability.""",2017-06-15 01:29:02.727,EPSS/CISA
CVE-2017-8540,0.0,0.94875,"The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability"", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.",2017-05-26 20:29:00.427,CISA
CVE-2017-8543,0.0,0.39628,"Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka ""Windows Search Remote Code Execution Vulnerability"".",2017-06-15 01:29:04.490,CISA
CVE-2017-8570,0.0,0.97339,"Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka ""Microsoft Office Remote Code Execution Vulnerability"". This CVE ID is unique from CVE-2017-0243.",2017-07-11 21:29:01.267,EPSS/CISA
CVE-2017-8641,0.0,0.95463,"Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.",2017-08-08 21:29:01.157,EPSS
CVE-2017-8759,0.0,0.9716,"Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka "".NET Framework Remote Code Execution Vulnerability.""",2017-09-13 01:29:12.193,EPSS/CISA
CVE-2017-8779,0.0,0.551,"rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.",2017-05-04 14:29:00.230,Metasploit
CVE-2017-8835,0.0,0.01394,"SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.",2017-06-05 14:29:00.420,Metasploit
CVE-2017-8869,0.0,0.18057,Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.,2017-07-27 13:29:00.173,Metasploit
CVE-2017-8870,0.0,0.17787,Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.,2017-07-27 18:29:00.213,Metasploit
CVE-2017-8895,0.0,0.3079,"In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.",2017-05-10 21:29:00.177,Metasploit
CVE-2017-8917,0.0,0.97555,SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.,2017-05-17 23:29:00.163,EPSS/Metasploit/Nuclei
CVE-2017-9080,0.0,0.88862,PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.,2017-05-19 15:29:00.337,Metasploit
CVE-2017-9101,0.0,0.8868,import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.,2017-05-21 18:29:00.220,Metasploit
CVE-2017-9140,0.0,0.00191,Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.,2017-05-22 05:29:03.583,Nuclei
CVE-2017-9232,0.0,0.24377,"Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.",2017-05-28 00:29:00.453,Metasploit
CVE-2017-9248,0.0,0.17894,"Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.",2017-07-03 19:29:00.270,CISA
CVE-2017-9288,0.0,0.00168,The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).,2017-05-29 16:29:00.303,Nuclei
CVE-2017-9416,0.0,0.01187,"Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.",2017-06-04 21:29:00.420,Nuclei
CVE-2017-9462,8.8,0.02997,"In Mercurial before 4.1.3, ""hg serve --stdio"" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.",2017-06-06 21:29:00.393,Metasploit
CVE-2017-9506,0.0,0.00575,The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).,2017-08-23 19:29:00.197,Nuclei
CVE-2017-9554,0.0,0.02945,An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.,2017-07-24 20:29:00.263,Metasploit
CVE-2017-9757,0.0,0.79357,"IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.",2017-06-19 13:29:00.193,Metasploit
CVE-2017-9769,9.8,0.2321,A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.,2017-08-02 19:29:01.100,Metasploit
CVE-2017-9791,9.8,0.97448,The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.,2017-07-10 16:29:00.277,EPSS/CISA/Metasploit/Nuclei
CVE-2017-9798,7.5,0.97353,"Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",2017-09-18 15:29:00.307,EPSS/Metasploit
CVE-2017-9805,0.0,0.97541,"The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",2017-09-15 19:29:00.237,EPSS/CISA/Metasploit/Nuclei
CVE-2017-9822,8.8,0.96989,"DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka ""2017-08 (Critical) Possible remote code execution on DNN sites.""",2017-07-20 12:29:00.233,EPSS/CISA/Metasploit/Nuclei
CVE-2017-9833,7.5,0.7354,"/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of ""../.."" using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.",2017-06-24 02:29:00.207,Nuclei
CVE-2017-9841,9.8,0.97487,"Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a ""<?php "" substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.",2017-06-27 17:29:00.177,EPSS/CISA/Nuclei
CVE-2018-0125,0.0,0.37559,"A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.",2018-02-08 07:29:00.570,CISA
CVE-2018-0127,9.8,0.09982,"A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.",2018-02-08 07:29:00.633,Nuclei
CVE-2018-0147,9.8,0.02321,"A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.",2018-03-08 07:29:00.377,CISA
CVE-2018-0151,9.8,0.03537,"A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.",2018-03-28 22:29:00.297,CISA
CVE-2018-0154,0.0,0.00303,"A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.",2018-03-28 22:29:00.373,CISA
CVE-2018-0155,8.6,0.00438,"A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.",2018-03-28 22:29:00.420,CISA
CVE-2018-0156,7.5,0.0051,"A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.",2018-03-28 22:29:00.467,CISA
CVE-2018-0158,0.0,0.00979,"A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.",2018-03-28 22:29:00.547,CISA
CVE-2018-0159,0.0,0.00303,"A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.",2018-03-28 22:29:00.593,CISA
CVE-2018-0161,0.0,0.00245,"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.",2018-03-28 22:29:00.703,CISA
CVE-2018-0167,0.0,0.00502,"Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.",2018-03-28 22:29:00.907,CISA
CVE-2018-0171,9.8,0.85075,"A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.",2018-03-28 22:29:01.063,CISA
CVE-2018-0172,8.6,0.01096,"A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730.",2018-03-28 22:29:01.110,CISA
CVE-2018-0173,0.0,0.00936,"A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754.",2018-03-28 22:29:01.170,CISA
CVE-2018-0174,0.0,0.00936,"A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.",2018-03-28 22:29:01.233,CISA
CVE-2018-0175,0.0,0.00397,"Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.",2018-03-28 22:29:01.280,CISA
CVE-2018-0179,0.0,0.00163,"Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.",2018-03-28 22:29:01.467,CISA
CVE-2018-0180,0.0,0.00163,"Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.",2018-03-28 22:29:01.547,CISA
CVE-2018-0296,7.5,0.97432,"A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.",2018-06-07 12:29:00.403,EPSS/CISA/Metasploit/Nuclei
CVE-2018-0706,0.0,0.01413,Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.,2018-07-17 01:29:02.983,Metasploit
CVE-2018-0707,0.0,0.04822,Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.,2018-07-17 01:29:03.060,Metasploit
CVE-2018-0767,0.0,0.96253,"Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.",2018-01-04 14:29:00.893,EPSS
CVE-2018-0769,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:00.973,EPSS
CVE-2018-0770,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.003,EPSS
CVE-2018-0774,0.0,0.9514,"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.127,EPSS
CVE-2018-0775,0.0,0.9514,"Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.177,EPSS
CVE-2018-0776,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.207,EPSS
CVE-2018-0777,0.0,0.9514,"Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.",2018-01-04 14:29:01.253,EPSS
CVE-2018-0780,0.0,0.95947,"Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Information Disclosure Vulnerability"". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800.",2018-01-04 14:29:01.330,EPSS
CVE-2018-0798,0.0,0.91318,"Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Office Memory Corruption Vulnerability"".",2018-01-10 01:29:00.713,CISA
CVE-2018-0802,0.0,0.97085,"Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka ""Microsoft Office Memory Corruption Vulnerability"". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.",2018-01-10 01:29:00.820,EPSS/CISA
CVE-2018-0824,0.0,0.39102,"A remote code execution vulnerability exists in ""Microsoft COM for Windows"" when it fails to properly handle serialized objects, aka ""Microsoft COM for Windows Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-05-09 19:29:00.370,Metasploit
CVE-2018-0835,0.0,0.9529,"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",2018-02-15 02:29:02.467,EPSS
CVE-2018-0837,0.0,0.9529,"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",2018-02-15 02:29:02.560,EPSS
CVE-2018-0838,0.0,0.9529,"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.",2018-02-15 02:29:02.623,EPSS
CVE-2018-0860,0.0,0.9529,"Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.",2018-02-15 02:29:03.483,EPSS
CVE-2018-0934,0.0,0.9513,"ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka ""Chakra Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.",2018-03-14 17:29:03.560,EPSS
CVE-2018-0935,0.0,0.95017,"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability"". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925.",2018-03-14 17:29:03.620,EPSS
CVE-2018-0946,0.0,0.95003,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",2018-05-09 19:29:00.573,EPSS
CVE-2018-0953,0.0,0.95919,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.",2018-05-09 19:29:00.683,EPSS
CVE-2018-0980,0.0,0.95449,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.",2018-04-12 01:29:07.627,EPSS
CVE-2018-0986,8.8,0.95505,"A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka ""Microsoft Malware Protection Engine Remote Code Execution Vulnerability."" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.",2018-04-04 17:29:01.583,EPSS
CVE-2018-1000001,0.0,0.00525,In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.,2018-01-31 14:29:00.607,Metasploit
CVE-2018-1000006,0.0,0.96917,"GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.",2018-01-24 23:29:00.497,EPSS/Metasploit
CVE-2018-1000049,0.0,0.65259,Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.,2018-02-09 23:29:01.683,Metasploit
CVE-2018-1000094,0.0,0.77281,CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension.,2018-03-13 01:29:00.810,Metasploit
CVE-2018-1000115,0.0,0.96394,"Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.",2018-03-05 14:29:00.203,EPSS/Metasploit
CVE-2018-1000129,0.0,0.00257,An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.,2018-03-14 13:29:00.237,Nuclei
CVE-2018-1000130,0.0,0.89191,A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.,2018-03-14 13:29:00.300,Nuclei
CVE-2018-1000226,0.0,0.01309,"Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via ""network connectivity"". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.",2018-08-20 20:29:01.847,Nuclei
CVE-2018-1000533,9.8,0.97242,klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.,2018-06-26 16:29:01.883,EPSS/Metasploit/Nuclei
CVE-2018-1000600,0.0,0.94257,"A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",2018-06-26 17:29:00.257,Nuclei
CVE-2018-1000671,0.0,0.00304,"sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The ""referer"" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.",2018-09-06 18:29:00.270,Nuclei
CVE-2018-1000856,0.0,0.00069,DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet.,2018-12-20 17:29:00.377,Nuclei
CVE-2018-1000859,0.0,0.00201,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2018-19518.  Reason: This candidate is a reservation duplicate of CVE-2018-19518.  Notes: All CVE users should reference CVE-2018-19518 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage,2018-12-06 17:15:08.473,Metasploit
CVE-2018-1000861,9.8,0.97316,"A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.",2018-12-10 14:29:01.417,EPSS/CISA/Metasploit/Nuclei
CVE-2018-10093,0.0,0.06215,AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.,2019-03-21 16:00:06.780,Nuclei
CVE-2018-10094,0.0,0.90349,SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.,2018-05-22 20:29:01.180,Metasploit
CVE-2018-10095,0.0,0.95296,Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.,2018-05-22 20:29:01.227,EPSS/Nuclei
CVE-2018-10141,0.0,0.00126,GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.,2018-10-12 22:29:00.623,Nuclei
CVE-2018-10201,0.0,0.03584,"An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.",2018-04-20 08:29:00.240,Nuclei
CVE-2018-10230,0.0,0.00106,"Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.",2018-04-19 16:29:00.243,Nuclei
CVE-2018-1038,0.0,0.97124,"The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability.""",2018-04-02 13:29:00.217,EPSS
CVE-2018-10561,0.0,0.97083,"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending ""?images"" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.",2018-05-04 03:29:00.227,EPSS/CISA
CVE-2018-10562,0.0,0.97423,"An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.",2018-05-04 03:29:00.287,EPSS/CISA/Nuclei
CVE-2018-10583,0.0,0.18987,"An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.",2018-05-01 16:29:00.383,Metasploit
CVE-2018-10594,0.0,0.62303,"Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.",2018-06-26 20:29:00.227,Metasploit
CVE-2018-10660,0.0,0.09171,An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.,2018-06-26 18:29:00.340,Metasploit
CVE-2018-10661,0.0,0.1054,An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.,2018-06-26 18:29:00.387,Metasploit
CVE-2018-10662,0.0,0.08987,An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.,2018-06-26 18:29:00.447,Metasploit
CVE-2018-10735,0.0,0.0366,A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.,2018-05-16 13:29:00.297,Nuclei
CVE-2018-10736,0.0,0.0366,A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.,2018-05-16 13:29:00.343,Nuclei
CVE-2018-10737,0.0,0.0366,A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.,2018-05-16 13:29:00.373,Nuclei
CVE-2018-10738,0.0,0.0366,A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.,2018-05-16 13:29:00.420,Nuclei
CVE-2018-10822,7.5,0.06883,"Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after ""GET /uir"" in an HTTP request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.",2018-10-17 14:29:00.663,Nuclei
CVE-2018-10823,8.8,0.96698,"An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.",2018-10-17 14:29:00.787,EPSS/Nuclei
CVE-2018-10900,7.8,0.00364,"Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.",2018-07-26 15:29:00.450,Metasploit
CVE-2018-10933,0.0,0.1371,"A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.",2018-10-17 12:29:00.650,Metasploit
CVE-2018-10942,0.0,0.2011,modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.,2018-05-10 03:29:00.277,Nuclei
CVE-2018-10956,0.0,0.54195,IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.,2018-06-25 15:29:00.253,Nuclei
CVE-2018-1111,0.0,0.97294,"DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.",2018-05-17 16:29:00.217,EPSS/Metasploit
CVE-2018-11138,0.0,0.92283,The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.,2018-05-31 18:29:00.557,CISA/Metasploit
CVE-2018-11227,0.0,0.01327,Monstra CMS 3.0.4 and earlier has XSS via index.php.,2019-07-03 16:15:09.943,Nuclei
CVE-2018-11231,0.0,0.018,"In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.",2018-05-23 16:29:00.583,Nuclei
CVE-2018-11409,0.0,0.83856,"Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.",2018-06-08 12:29:00.260,Metasploit/Nuclei
CVE-2018-11473,0.0,0.001,"Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).",2018-05-25 19:29:00.337,Nuclei
CVE-2018-11479,0.0,0.00175,"The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.",2018-05-25 19:29:00.477,Metasploit
CVE-2018-11529,0.0,0.84976,VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.,2018-07-11 16:29:00.627,Metasploit
CVE-2018-11615,0.0,0.96458,This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.,2018-08-30 12:29:00.437,EPSS
CVE-2018-11646,0.0,0.82268,"webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.",2018-06-01 13:29:00.220,Metasploit
CVE-2018-11709,0.0,0.00183,wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.,2018-06-04 13:29:00.483,Nuclei
CVE-2018-11759,0.0,0.96114,"The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",2018-10-31 20:29:00.293,EPSS/Nuclei
CVE-2018-11770,4.2,0.96968,"From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'.",2018-08-13 16:29:00.650,EPSS/Metasploit
CVE-2018-11776,0.0,0.97533,"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.",2018-08-22 13:29:00.753,EPSS/CISA/Metasploit/Nuclei
CVE-2018-11784,0.0,0.79069,"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.",2018-10-04 13:29:00.330,Nuclei
CVE-2018-12031,0.0,0.02973,Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.,2018-06-07 16:29:00.520,Nuclei
CVE-2018-12054,0.0,0.32403,"Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.",2018-06-08 11:29:00.950,Nuclei
CVE-2018-1207,0.0,0.01875,"Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.",2018-03-23 14:29:00.277,Nuclei
CVE-2018-12095,0.0,0.00317,A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.,2018-06-11 11:29:00.367,Nuclei
CVE-2018-12296,0.0,0.01442,Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.,2019-05-13 13:29:00.337,Nuclei
CVE-2018-12300,0.0,0.00118,Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.,2019-05-13 13:29:00.620,Nuclei
CVE-2018-12464,0.0,0.06877,A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).,2018-06-29 16:29:00.277,Metasploit
CVE-2018-12465,0.0,0.04392,An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).,2018-06-29 16:29:00.337,Metasploit
CVE-2018-12613,8.8,0.97306,"An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the ""$cfg['AllowArbitraryServer'] = true"" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the ""$cfg['ServerDefault'] = 0"" case (which bypasses the login requirement and runs the vulnerable code without any authentication).",2018-06-21 20:29:00.327,EPSS/Metasploit/Nuclei
CVE-2018-12634,9.8,0.94448,CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.,2018-06-22 00:29:00.330,Nuclei
CVE-2018-12675,0.0,0.00118,The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint.,2018-10-19 22:29:01.100,Nuclei
CVE-2018-1271,5.9,0.00371,"Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.",2018-04-06 13:29:00.500,Nuclei
CVE-2018-1273,0.0,0.97468,"Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.",2018-04-11 13:29:00.290,EPSS/CISA/Nuclei
CVE-2018-12909,0.0,0.0056,"Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a ""publicly accessible environment.",2018-06-27 16:29:00.300,Nuclei
CVE-2018-12998,6.1,0.96752,"A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.",2018-06-29 12:29:00.500,EPSS/Nuclei
CVE-2018-1303,0.0,0.96172,"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",2018-03-26 15:29:00.523,EPSS
CVE-2018-13330,0.0,0.96942,"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the ""groupname"" parameter.",2018-11-27 21:29:00.290,EPSS
CVE-2018-13336,0.0,0.95207,"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""pwd"" parameter during user creation.",2018-11-27 21:29:00.510,EPSS
CVE-2018-13338,0.0,0.95207,"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""username"" parameter during user creation.",2018-11-27 21:29:00.570,EPSS
CVE-2018-1335,0.0,0.96831,"From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.",2018-04-25 21:29:00.297,EPSS/Metasploit/Nuclei
CVE-2018-13354,0.0,0.95207,"System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""Event"" parameter.",2018-11-27 21:29:00.820,EPSS
CVE-2018-13374,4.3,0.00582,"A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.",2019-01-22 14:29:00.220,CISA
CVE-2018-13379,9.8,0.97295,"An Improper Limitation of a Pathname to a Restricted Directory (""Path Traversal"") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.",2019-06-04 21:29:00.233,EPSS/CISA/Metasploit/Nuclei
CVE-2018-13380,6.1,0.00122,"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.",2019-06-04 21:29:00.267,Nuclei
CVE-2018-13382,9.1,0.89131,"An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests",2019-06-04 21:29:00.373,CISA
CVE-2018-13383,6.5,0.00817,"A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.",2019-05-29 18:29:00.693,CISA
CVE-2018-13980,5.5,0.00128,"The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin ""filebrowser"" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.",2018-07-16 14:29:00.483,Nuclei
CVE-2018-14013,0.0,0.0065,Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.,2019-05-29 22:29:00.883,Nuclei
CVE-2018-14058,0.0,0.00741,Pimcore before 5.3.0 allows SQL Injection via the REST web service API.,2018-08-17 18:29:00.617,Metasploit
CVE-2018-14064,0.0,0.15741,"The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.",2018-07-15 15:29:00.313,Nuclei
CVE-2018-1418,0.0,0.10135,IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.,2018-04-26 14:29:00.577,Metasploit
CVE-2018-14474,0.0,0.00063,views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.,2018-07-20 18:29:00.277,Nuclei
CVE-2018-14558,0.0,0.93619,"An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the ""formsetUsbUnload"" function executes a dosystemCmd function with untrusted input.",2018-10-30 18:29:00.580,CISA
CVE-2018-14574,0.0,0.00628,django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.,2018-08-03 17:29:00.250,Nuclei
CVE-2018-14667,9.8,0.70756,"The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.",2018-11-06 22:29:00.193,CISA
CVE-2018-14699,0.0,0.95067,"System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the ""username"" URL parameter.",2018-12-03 22:29:00.387,EPSS
CVE-2018-14701,0.0,0.9525,"System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the ""username"" URL parameter.",2018-12-03 22:29:00.467,EPSS
CVE-2018-14706,0.0,0.95067,System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.,2018-12-03 22:29:00.637,EPSS
CVE-2018-14728,0.0,0.96228,upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.,2018-08-03 18:29:00.657,EPSS/Nuclei
CVE-2018-14839,0.0,0.08567,LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.,2019-05-14 21:29:00.247,CISA
CVE-2018-14847,0.0,0.9746,MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.,2018-08-02 07:29:00.280,EPSS/CISA/Metasploit
CVE-2018-14912,0.0,0.96275,"cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.",2018-08-03 19:29:00.793,EPSS/Metasploit/Nuclei
CVE-2018-14916,0.0,0.00738,LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.,2019-06-28 18:15:10.660,Nuclei
CVE-2018-14918,0.0,0.41229,LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.,2019-06-28 18:15:10.707,Nuclei
CVE-2018-14931,0.0,0.00118,An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI.,2019-04-30 19:29:02.250,Nuclei
CVE-2018-14933,0.0,0.38769,upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.,2018-08-04 19:29:00.263,Metasploit
CVE-2018-15133,8.1,0.96898,"In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.",2018-08-09 19:29:00.333,EPSS/CISA/Metasploit
CVE-2018-15138,0.0,0.21114,Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.,2018-08-15 17:29:00.830,Nuclei
CVE-2018-15379,0.0,0.96463,"A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.",2018-10-05 14:29:07.013,EPSS/Metasploit
CVE-2018-15473,5.3,0.02081,"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",2018-08-17 19:29:00.223,Metasploit
CVE-2018-15517,0.0,0.00725,"The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.",2019-01-31 19:29:00.387,Nuclei
CVE-2018-15535,0.0,0.96909,"/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as "".."" that can resolve to a location that is outside of that directory, aka Directory Traversal.",2018-08-24 19:29:01.860,EPSS/Nuclei
CVE-2018-15708,0.0,0.42334,Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.,2018-11-14 18:29:00.213,Metasploit
CVE-2018-15710,0.0,0.0583,Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.,2018-11-14 18:29:00.277,Metasploit
CVE-2018-15727,0.0,0.01421,"Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid ""remember me"" cookie knowing only a username of an LDAP or OAuth user.",2018-08-29 15:29:00.240,Metasploit
CVE-2018-15745,0.0,0.9041,"Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.",2018-08-30 17:29:01.737,Nuclei
CVE-2018-15811,7.5,0.04325,DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.,2019-07-03 17:15:10.110,CISA/Metasploit
CVE-2018-15812,7.5,0.00187,"DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.",2019-07-03 17:15:10.190,Metasploit
CVE-2018-15877,8.8,0.96654,The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.,2018-08-26 07:29:00.370,EPSS/Metasploit
CVE-2018-15917,0.0,0.03687,Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.,2018-09-05 21:29:02.217,Nuclei
CVE-2018-15961,0.0,0.97436,"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.",2018-09-25 13:29:01.567,EPSS/CISA/Metasploit/Nuclei
CVE-2018-15982,0.0,0.97376,"Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.",2019-01-18 17:29:01.573,EPSS/CISA
CVE-2018-16059,0.0,0.2282,Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.,2018-09-07 22:29:01.743,Nuclei
CVE-2018-1612,0.0,0.01164,"IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.",2018-07-17 16:29:00.347,Metasploit
CVE-2018-16133,0.0,0.03629,Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.,2018-08-29 22:29:00.463,Nuclei
CVE-2018-16139,0.0,0.00135,Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.,2019-05-13 20:29:00.227,Nuclei
CVE-2018-16158,0.0,0.01968,"Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.",2018-08-30 05:29:00.443,Metasploit
CVE-2018-16159,0.0,0.01033,The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.,2018-08-30 15:29:00.230,Nuclei
CVE-2018-16167,0.0,0.28165,LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.,2019-01-09 23:29:03.183,Nuclei
CVE-2018-16283,0.0,0.25721,The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.,2018-09-24 22:29:00.957,Nuclei
CVE-2018-16288,0.0,0.12055,LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.,2018-09-14 21:29:04.207,Nuclei
CVE-2018-16299,0.0,0.02272,The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.,2018-09-24 22:29:01.143,Nuclei
CVE-2018-16509,0.0,0.97333,"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ""restoration of privilege"" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the ""pipe"" instruction.",2018-09-05 06:29:00.483,EPSS/Metasploit
CVE-2018-16668,5.3,0.00189,An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.,2018-09-18 20:29:00.937,Nuclei
CVE-2018-16670,0.0,0.001,An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.,2018-09-18 20:29:01.123,Nuclei
CVE-2018-16671,0.0,0.00189,An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.,2018-09-18 20:29:01.217,Nuclei
CVE-2018-16716,0.0,0.0045,"A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.",2019-05-02 20:29:00.307,Nuclei
CVE-2018-16761,0.0,0.00071,Eventum before 3.4.0 has an open redirect vulnerability.,2018-09-09 21:29:00.367,Nuclei
CVE-2018-16763,9.8,0.77709,FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.,2018-09-09 21:29:00.713,Nuclei
CVE-2018-16836,9.8,0.26631,"Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.",2018-09-11 16:29:00.387,Nuclei
CVE-2018-16858,0.0,0.96384,"It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.",2019-03-25 18:29:00.463,EPSS/Metasploit
CVE-2018-16979,0.0,0.00106,"Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.",2018-09-12 23:29:00.527,Nuclei
CVE-2018-17153,0.0,0.59445,"It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called ""cgi_get_ipv6"" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter ""flag"" with the value ""1"" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.",2018-09-18 15:29:00.307,Metasploit/Nuclei
CVE-2018-17179,0.0,0.00995,An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.,2019-05-17 16:29:00.250,Metasploit
CVE-2018-17207,9.8,0.82979,"An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.",2018-09-19 16:29:01.223,Metasploit
CVE-2018-17246,0.0,0.9637,Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.,2018-12-20 22:29:00.367,EPSS/Nuclei
CVE-2018-17254,9.8,0.81623,The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.,2018-09-20 14:29:00.280,Nuclei
CVE-2018-17408,0.0,0.44329,Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.,2018-10-03 20:29:07.957,Metasploit
CVE-2018-17422,0.0,0.00118,dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.,2019-03-07 23:29:01.000,Nuclei
CVE-2018-17431,9.8,0.13246,Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.,2019-01-30 15:29:04.490,Nuclei
CVE-2018-17456,0.0,0.17048,"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive ""git clone"" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.",2018-10-06 14:29:00.300,Metasploit
CVE-2018-17463,0.0,0.97424,Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,2018-11-14 15:29:00.297,EPSS/CISA/Metasploit
CVE-2018-17480,0.0,0.06792,Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,2018-12-11 16:29:00.623,CISA
CVE-2018-17552,0.0,0.1171,SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.,2018-10-03 20:29:13.507,Metasploit
CVE-2018-17553,0.0,0.88443,"An ""Unrestricted Upload of File with Dangerous Type"" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.",2018-10-03 20:29:15.130,Metasploit
CVE-2018-17888,0.0,0.0292,"NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.",2018-10-12 14:29:00.257,Metasploit
CVE-2018-17934,0.0,0.15947,"NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.",2018-11-27 20:29:00.860,Metasploit
CVE-2018-17936,0.0,0.04589,"NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.",2018-11-27 20:29:00.893,Metasploit
CVE-2018-18069,0.0,0.00092,process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.,2018-10-08 22:29:00.623,Nuclei
CVE-2018-18264,0.0,0.93873,Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.,2019-01-03 01:29:00.270,Nuclei
CVE-2018-18323,0.0,0.94893,CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.,2018-10-15 07:29:00.797,Nuclei
CVE-2018-18325,7.5,0.04325,DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.,2019-07-03 17:15:10.250,CISA/Metasploit
CVE-2018-18326,7.5,0.01605,"DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.",2019-07-03 17:15:10.330,Metasploit
CVE-2018-18556,9.9,0.02536,A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.,2018-12-17 19:29:00.627,Metasploit
CVE-2018-18570,0.0,0.00098,Planon before Live Build 41 has XSS.,2019-07-29 23:15:11.373,Nuclei
CVE-2018-18608,0.0,0.001,"DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.",2018-10-23 18:29:00.253,Nuclei
CVE-2018-18775,0.0,0.00099,"Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter.  NOTE: this is a deprecated product.",2018-11-01 17:29:00.813,Nuclei
CVE-2018-18777,0.0,0.00158,"Directory traversal vulnerability in Microstrategy Web, version 7, in ""/WebMstr7/servlet/mstrWeb"" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application.  NOTE: this is a deprecated product.",2018-11-01 17:29:00.873,Nuclei
CVE-2018-18778,0.0,0.3934,ACME mini_httpd before 1.30 lets remote users read arbitrary files.,2018-10-29 12:29:10.460,Nuclei
CVE-2018-18809,6.5,0.50316,"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",2019-03-07 22:29:00.323,CISA/Nuclei
CVE-2018-18925,0.0,0.09791,"Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a "".."" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.",2018-11-04 05:29:00.397,Nuclei
CVE-2018-18955,0.0,0.00109,"In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.",2018-11-16 20:29:00.233,Metasploit
CVE-2018-18982,0.0,0.09988,"NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.",2018-11-27 20:29:00.923,Metasploit
CVE-2018-19136,0.0,0.00146,DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.,2018-11-09 19:29:00.457,Nuclei
CVE-2018-19137,0.0,0.00072,DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.,2018-11-09 19:29:00.487,Nuclei
CVE-2018-19207,0.0,0.97274,"The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.",2018-11-12 17:29:00.333,EPSS/Metasploit
CVE-2018-19276,9.8,0.96336,OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.,2019-03-21 16:00:30.390,EPSS/Metasploit
CVE-2018-19287,0.0,0.29054,"XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.",2018-11-15 06:29:00.310,Nuclei
CVE-2018-19320,0.0,0.00236,"The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.",2018-12-21 23:29:00.493,CISA
CVE-2018-19321,0.0,0.0016,"The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.",2018-12-21 23:29:00.573,CISA
CVE-2018-19322,0.0,0.00405,"The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.",2018-12-21 23:29:00.650,CISA
CVE-2018-19323,0.0,0.06914,"The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).",2018-12-21 23:29:00.730,CISA
CVE-2018-19326,0.0,0.00913,"Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.",2018-11-17 14:29:00.193,Nuclei
CVE-2018-19365,9.1,0.01354,"The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.",2019-03-21 16:00:30.750,Nuclei
CVE-2018-19386,0.0,0.00177,"SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.",2019-08-14 20:15:11.463,Nuclei
CVE-2018-19422,7.2,0.84517,"/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.",2018-11-21 21:29:00.313,Metasploit
CVE-2018-19439,0.0,0.0038,"XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.",2018-12-13 19:29:00.620,Nuclei
CVE-2018-19458,0.0,0.03301,"In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.",2018-11-22 20:29:00.300,Nuclei
CVE-2018-19518,7.5,0.9687,"University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a ""-oProxyCommand"" argument.",2018-11-25 10:29:00.250,EPSS/Metasploit
CVE-2018-19749,0.0,0.00078,DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.,2018-11-29 22:29:00.550,Nuclei
CVE-2018-19751,0.0,0.00078,DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.,2018-11-29 22:29:00.630,Nuclei
CVE-2018-19752,0.0,0.00078,DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.,2018-11-29 22:29:00.677,Nuclei
CVE-2018-19753,0.0,0.0066,Tarantella Enterprise before 3.11 allows Directory Traversal.,2018-12-05 22:29:00.630,Nuclei
CVE-2018-19877,0.0,0.00204,login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.,2018-12-05 21:29:00.513,Nuclei
CVE-2018-19892,0.0,0.00101,"DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.",2018-12-06 03:29:00.240,Nuclei
CVE-2018-19914,0.0,0.00126,DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.,2018-12-06 19:29:00.307,Nuclei
CVE-2018-19915,0.0,0.00126,DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.,2018-12-06 19:29:00.357,Nuclei
CVE-2018-19943,5.4,0.00176,"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later",2020-10-28 18:15:12.520,CISA
CVE-2018-19949,9.8,0.00672,"If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.",2020-10-28 18:15:12.647,CISA
CVE-2018-19953,6.1,0.00379,"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.",2020-10-28 18:15:12.740,CISA
CVE-2018-20009,0.0,0.00126,DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.,2018-12-10 09:29:00.340,Nuclei
CVE-2018-20010,0.0,0.00126,DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.,2018-12-10 09:29:00.387,Nuclei
CVE-2018-20011,0.0,0.00126,DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.,2018-12-10 09:29:00.450,Nuclei
CVE-2018-20062,0.0,0.96678,"An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.",2018-12-11 18:29:00.197,EPSS/CISA/Metasploit
CVE-2018-20250,0.0,0.97342,"In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.",2019-02-05 20:29:00.243,EPSS/CISA/Metasploit
CVE-2018-20323,0.0,0.34108,www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.,2019-03-21 16:00:35.920,Metasploit
CVE-2018-20434,0.0,0.96859,"LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.",2019-04-24 21:29:00.400,EPSS/Metasploit
CVE-2018-20462,0.0,0.00245,An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.,2018-12-25 21:29:00.247,Nuclei
CVE-2018-20463,0.0,0.03436,An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.,2018-12-25 21:29:00.293,Nuclei
CVE-2018-20470,7.5,0.14894,An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.,2019-06-17 14:15:10.593,Nuclei
CVE-2018-20526,0.0,0.00666,Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.,2019-03-21 16:00:36.140,Nuclei
CVE-2018-20608,0.0,0.01406,imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.,2018-12-30 21:29:00.770,Nuclei
CVE-2018-20735,0.0,0.07953,"An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration",2019-01-17 20:29:00.167,Metasploit
CVE-2018-20753,0.0,0.10259,"Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.",2019-02-05 06:29:00.593,CISA
CVE-2018-20781,7.8,0.00047,"In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.",2019-02-12 17:29:00.243,Metasploit
CVE-2018-20824,0.0,0.00203,The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.,2019-05-03 20:29:00.310,Nuclei
CVE-2018-20985,0.0,0.01061,"The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.",2019-08-22 14:15:12.553,Nuclei
CVE-2018-2380,0.0,0.02333,"SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ""traverse to parent directory"" are passed through to the file APIs.",2018-03-01 17:29:00.413,CISA
CVE-2018-2392,0.0,0.00278,"Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.",2018-02-14 12:29:01.453,Metasploit/Nuclei
CVE-2018-2393,0.0,0.00118,"Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.",2018-02-14 12:29:01.530,Metasploit
CVE-2018-2628,0.0,0.9751,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2018-04-19 02:29:00.457,EPSS/CISA/Metasploit/Nuclei
CVE-2018-2791,0.0,0.02132,"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).",2018-04-19 02:29:03.457,Nuclei
CVE-2018-2893,0.0,0.97327,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2018-07-18 13:29:00.617,EPSS/Nuclei
CVE-2018-2894,0.0,0.97327,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2018-07-18 13:29:00.663,EPSS/Nuclei
CVE-2018-3167,0.0,0.00519,"Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",2018-10-17 01:31:19.197,Nuclei
CVE-2018-3238,0.0,0.00337,"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N).",2018-10-17 01:31:25.573,Nuclei
CVE-2018-3714,6.5,0.00182,"node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.",2018-06-07 02:29:07.973,Nuclei
CVE-2018-3760,0.0,0.02274,"There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.",2018-06-26 19:29:00.343,Nuclei
CVE-2018-3810,0.0,0.77324,"Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.",2018-01-01 06:29:00.217,Nuclei
CVE-2018-4162,0.0,0.00514,"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the ""WebKit"" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",2018-04-03 06:29:07.467,Metasploit
CVE-2018-4237,0.0,0.00787,"An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the ""libxpc"" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.",2018-06-08 18:29:02.227,Metasploit
CVE-2018-4344,0.0,0.00703,"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.",2019-04-03 18:29:09.173,CISA
CVE-2018-4404,0.0,0.00123,"In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.",2019-01-11 18:29:03.140,Metasploit
CVE-2018-4878,9.8,0.9721,A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.,2018-02-06 21:29:00.347,EPSS/CISA
CVE-2018-4936,6.5,0.95178,Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.,2018-05-19 17:29:01.337,EPSS
CVE-2018-4939,9.8,0.96914,"Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.",2018-05-19 17:29:01.480,EPSS/CISA
CVE-2018-4990,0.0,0.03016,"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",2018-07-09 19:29:03.327,CISA
CVE-2018-4993,0.0,0.96643,"Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.",2018-07-09 19:29:03.373,EPSS/Metasploit
CVE-2018-5002,0.0,0.03104,Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.,2018-07-09 19:29:03.750,CISA
CVE-2018-5230,0.0,0.00153,"The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.",2018-05-14 13:29:03.507,Nuclei
CVE-2018-5233,0.0,0.00294,Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.,2018-03-19 21:29:00.940,Nuclei
CVE-2018-5316,0.0,0.00194,"The ""SagePay Server Gateway for WooCommerce"" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.",2018-01-09 22:29:00.257,Nuclei
CVE-2018-5333,0.0,0.00064,"In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.",2018-01-11 07:29:00.263,Metasploit
CVE-2018-5430,0.0,0.17572,"The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.",2018-04-17 18:29:00.293,CISA
CVE-2018-5715,0.0,0.00129,phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).,2018-01-16 20:29:00.277,Nuclei
CVE-2018-5955,0.0,0.96364,"An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.",2018-01-21 22:29:00.320,EPSS
CVE-2018-5999,0.0,0.2536,"An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.",2018-01-22 20:29:00.227,Metasploit
CVE-2018-6000,0.0,0.08998,"An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.",2018-01-22 20:29:00.290,Metasploit
CVE-2018-6008,0.0,0.3768,Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.,2018-01-29 05:29:00.447,Nuclei
CVE-2018-6065,0.0,0.9092,Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2018-11-14 15:29:01.250,CISA
CVE-2018-6184,0.0,0.00396,ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.,2018-01-24 10:29:01.020,Nuclei
CVE-2018-6200,0.0,0.00106,vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.,2018-01-25 04:29:00.240,Nuclei
CVE-2018-6317,0.0,0.17594,"The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.",2018-02-02 21:29:00.853,Metasploit
CVE-2018-6328,0.0,0.02079,"It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.",2018-03-14 19:29:00.597,Metasploit
CVE-2018-6329,0.0,0.0299,"It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.",2018-03-14 19:29:00.657,Metasploit
CVE-2018-6530,9.8,0.93644,"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",2018-03-06 20:29:00.987,CISA/Nuclei
CVE-2018-6605,0.0,0.00754,"SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.",2018-02-05 21:29:00.393,Nuclei
CVE-2018-6789,0.0,0.96791,"An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.",2018-02-08 23:29:01.170,EPSS/CISA
CVE-2018-6849,0.0,0.94285,"In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.",2018-04-01 18:29:00.227,Metasploit
CVE-2018-6882,0.0,0.00749,Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.,2018-03-27 16:29:00.530,CISA
CVE-2018-6892,0.0,0.97089,"An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the ""CloudMe Sync"" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.",2018-02-11 18:29:00.290,EPSS/Metasploit
CVE-2018-6910,7.5,0.02422,DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php.,2018-02-13 21:29:00.267,Nuclei
CVE-2018-6961,0.0,0.29688,VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.,2018-06-11 22:29:00.230,CISA
CVE-2018-7251,0.0,0.06473,"An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as ""Too many connections"") has occurred.",2018-02-19 22:29:00.220,Nuclei
CVE-2018-7282,9.8,0.10996,The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.,2019-12-06 17:15:11.300,Nuclei
CVE-2018-7314,0.0,0.00754,"SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.",2018-02-22 19:29:07.453,Nuclei
CVE-2018-7422,0.0,0.94711,"A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.",2018-03-19 14:29:00.363,Nuclei
CVE-2018-7445,0.0,0.85476,"A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.",2018-03-19 21:29:01.083,CISA
CVE-2018-7467,0.0,0.00396,AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.,2018-02-27 21:29:00.313,Nuclei
CVE-2018-7490,0.0,0.94858,"uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.",2018-02-26 22:29:00.697,Nuclei
CVE-2018-7573,0.0,0.88712,"An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.",2018-03-01 17:29:00.587,Metasploit
CVE-2018-7600,0.0,0.97566,"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.",2018-03-29 07:29:00.260,EPSS/CISA/Metasploit/Nuclei
CVE-2018-7602,9.8,0.97356,"A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.",2018-07-19 17:29:00.373,EPSS/CISA/Nuclei
CVE-2018-7653,0.0,0.00797,"In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.",2018-03-04 19:29:00.213,Nuclei
CVE-2018-7662,0.0,0.003,Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.,2018-03-04 23:29:00.220,Nuclei
CVE-2018-7665,0.0,0.96314,"An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.",2018-03-05 07:29:00.383,EPSS/Metasploit
CVE-2018-7700,0.0,0.50599,"DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.",2018-03-27 18:29:00.243,Nuclei
CVE-2018-7719,0.0,0.09221,Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.,2018-03-25 16:29:00.203,Nuclei
CVE-2018-7841,0.0,0.01227,A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.,2019-05-22 20:29:01.480,CISA
CVE-2018-7890,0.0,0.97217,"A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.",2018-03-08 22:29:00.233,EPSS/Metasploit
CVE-2018-8006,6.1,0.34776,An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.,2018-10-10 14:29:00.497,Nuclei
CVE-2018-8021,0.0,0.96003,Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.,2018-11-07 14:29:00.947,EPSS
CVE-2018-8033,0.0,0.04526,"In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.",2018-12-13 14:29:00.387,Nuclei
CVE-2018-8065,0.0,0.76439,An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.,2018-03-12 04:29:00.367,Metasploit
CVE-2018-8120,0.0,0.97431,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.",2018-05-09 19:29:01.277,EPSS/CISA/Metasploit
CVE-2018-8133,0.0,0.95719,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.",2018-05-09 19:29:01.747,EPSS
CVE-2018-8139,0.0,0.95577,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.",2018-05-09 19:29:01.917,EPSS
CVE-2018-8174,0.0,0.97453,"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ""Windows VBScript Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-05-09 19:29:02.917,EPSS/CISA
CVE-2018-8229,0.0,0.95816,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.",2018-06-14 12:29:01.883,EPSS
CVE-2018-8279,0.0,0.96241,"A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ""Microsoft Edge Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.",2018-07-11 00:29:00.993,EPSS
CVE-2018-8298,0.0,0.77775,"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.",2018-07-11 00:29:01.663,CISA
CVE-2018-8355,0.0,0.96381,"A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.",2018-08-15 17:29:05.737,EPSS
CVE-2018-8373,0.0,0.92164,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.",2018-08-15 17:29:06.673,CISA
CVE-2018-8405,0.0,0.00117,"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.",2018-08-15 17:29:10.050,CISA
CVE-2018-8406,0.0,0.00117,"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.",2018-08-15 17:29:10.157,CISA
CVE-2018-8414,0.0,0.82646,"A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka ""Windows Shell Remote Code Execution Vulnerability."" This affects Windows 10 Servers, Windows 10.",2018-08-15 17:29:10.393,CISA
CVE-2018-8440,0.0,0.97098,"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka ""Windows ALPC Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-09-13 00:29:04.333,EPSS/CISA/Metasploit
CVE-2018-8453,0.0,0.93905,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-10-10 13:29:02.557,CISA/Metasploit
CVE-2018-8466,0.0,0.96293,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.",2018-09-13 00:29:06.507,EPSS
CVE-2018-8467,0.0,0.96293,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.",2018-09-13 00:29:06.613,EPSS
CVE-2018-8581,7.4,0.0287,"An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka ""Microsoft Exchange Server Elevation of Privilege Vulnerability."" This affects Microsoft Exchange Server.",2018-11-14 01:29:01.927,CISA
CVE-2018-8589,0.0,0.00101,"An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka ""Windows Win32k Elevation of Privilege Vulnerability."" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.",2018-11-14 01:29:02.067,CISA
CVE-2018-8611,0.0,0.00061,"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ""Windows Kernel Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-12-12 00:29:00.933,CISA
CVE-2018-8617,0.0,0.96781,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.",2018-12-12 00:29:01.043,EPSS
CVE-2018-8625,0.0,0.96125,"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ""Windows VBScript Engine Remote Code Execution Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.",2018-12-12 00:29:01.327,EPSS
CVE-2018-8631,0.0,0.9676,"A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ""Internet Explorer Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.",2018-12-12 00:29:01.543,EPSS
CVE-2018-8653,0.0,0.0473,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ""Scripting Engine Memory Corruption Vulnerability."" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.",2018-12-20 13:29:00.327,CISA
CVE-2018-8715,0.0,0.00927,"The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.",2018-03-15 01:29:04.447,Nuclei
CVE-2018-8719,0.0,0.03177,"An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information.",2018-04-04 19:29:00.220,Nuclei
CVE-2018-8727,0.0,0.01105,Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver.,2018-06-19 19:29:00.470,Nuclei
CVE-2018-8733,0.0,0.38746,Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.,2018-04-18 00:29:00.317,Metasploit
CVE-2018-8734,0.0,0.35058,SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.,2018-04-18 00:29:00.380,Metasploit
CVE-2018-8735,0.0,0.85826,"Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.",2018-04-18 00:29:00.440,Metasploit
CVE-2018-8736,0.0,0.51028,A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.,2018-04-18 00:29:00.487,Metasploit
CVE-2018-8770,5.3,0.00196,"Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.",2018-03-18 06:29:00.613,Nuclei
CVE-2018-8823,0.0,0.24062,modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.,2018-03-28 02:29:00.227,Nuclei
CVE-2018-8897,0.0,0.00072,"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.",2018-05-08 18:29:00.547,Metasploit
CVE-2018-9118,0.0,0.07018,exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.,2018-04-12 15:29:00.600,Nuclei
CVE-2018-9126,0.0,0.96529,"The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.",2018-04-04 19:29:00.517,EPSS
CVE-2018-9160,0.0,0.62404,SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.,2018-03-31 21:29:00.453,Metasploit
CVE-2018-9161,0.0,0.13148,Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.,2018-03-31 22:29:00.353,Nuclei
CVE-2018-9205,0.0,0.02175,"Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.",2018-04-04 15:29:00.410,Nuclei
CVE-2018-9206,9.8,0.96689,Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0,2018-10-11 15:29:00.640,EPSS/Metasploit
CVE-2018-9276,7.2,0.48617,An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.,2018-07-02 16:29:00.600,Metasploit
CVE-2018-9845,0.0,0.01393,Etherpad Lite before 1.6.4 is exploitable for admin access.,2018-04-29 18:29:00.223,Nuclei
CVE-2018-9948,0.0,0.71942,This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.,2018-05-17 15:29:02.473,Metasploit
CVE-2018-9958,0.0,0.81501,"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.",2018-05-17 15:29:02.957,Metasploit
CVE-2018-9995,0.0,0.91511,"TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a ""Cookie: uid=admin"" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.",2018-04-10 22:29:00.290,Nuclei
CVE-2019-0192,0.0,0.95537,"In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.",2019-03-07 21:29:00.203,EPSS
CVE-2019-0193,0.0,0.9591,"In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's ""dataConfig"" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property ""enable.dih.dataConfigParam"" to true.",2019-08-01 14:15:13.113,EPSS/CISA/Nuclei
CVE-2019-0211,0.0,0.97397,"In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.",2019-04-08 22:29:00.387,EPSS/CISA
CVE-2019-0221,0.0,0.01096,"The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.",2019-05-28 22:29:00.563,Nuclei
CVE-2019-0230,9.8,0.95346,"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.",2020-09-14 17:15:09.933,EPSS/Metasploit/Nuclei
CVE-2019-0232,0.0,0.97352,"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).",2019-04-15 15:29:00.420,EPSS/Metasploit
CVE-2019-0307,0.0,0.00333,"Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.",2019-06-12 15:29:00.377,Metasploit
CVE-2019-0539,0.0,0.96474,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.",2019-01-08 21:29:00.410,EPSS
CVE-2019-0541,0.0,0.97334,"A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka ""MSHTML Engine Remote Code Execution Vulnerability."" This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.",2019-01-08 21:29:00.470,EPSS/CISA
CVE-2019-0543,0.0,0.00235,"An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka ""Microsoft Windows Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2019-01-08 21:29:00.517,CISA
CVE-2019-0568,0.0,0.96625,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567.",2019-01-08 21:29:01.457,EPSS
CVE-2019-0604,9.8,0.97398,"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.",2019-03-05 23:29:00.757,EPSS/CISA
CVE-2019-0676,0.0,0.01989,"An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.",2019-03-05 23:29:02.613,CISA
CVE-2019-0703,0.0,0.00207,"An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.",2019-04-09 00:29:00.887,CISA
CVE-2019-0708,0.0,0.97499,"A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.",2019-05-16 19:29:00.427,EPSS/CISA
CVE-2019-0724,8.1,0.07547,"An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.",2019-03-05 23:29:02.677,Metasploit
CVE-2019-0726,0.0,0.95329,"A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.",2019-04-09 00:29:00.980,EPSS
CVE-2019-0752,7.5,0.95487,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.",2019-04-09 21:29:00.567,EPSS/CISA
CVE-2019-0768,0.0,0.96814,"A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.",2019-04-09 02:29:00.927,EPSS
CVE-2019-0797,0.0,0.00042,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.",2019-04-09 03:29:00.763,CISA
CVE-2019-0803,7.8,0.00615,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.",2019-04-09 21:29:01.037,CISA
CVE-2019-0808,0.0,0.00051,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.",2019-04-09 03:29:00.873,CISA/Metasploit
CVE-2019-0841,7.8,0.86552,"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.",2019-04-09 21:29:01.990,CISA/Metasploit
CVE-2019-0859,0.0,0.00042,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.",2019-04-09 21:29:02.520,CISA
CVE-2019-0863,7.8,0.00231,"An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.",2019-05-16 19:29:00.927,CISA
CVE-2019-0880,0.0,0.00042,"A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.",2019-07-15 19:15:15.687,CISA
CVE-2019-0903,0.0,0.04151,"A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.",2019-05-16 19:29:02.303,CISA
CVE-2019-1003000,8.8,0.68648,A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.,2019-01-22 14:29:00.267,Metasploit
CVE-2019-1003001,8.8,0.6273,"A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.",2019-01-22 14:29:00.330,Metasploit
CVE-2019-1003002,8.8,0.6273,A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,2019-01-22 14:29:00.390,Metasploit
CVE-2019-1003005,8.8,0.00474,A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.,2019-02-06 16:29:00.250,Metasploit
CVE-2019-1003029,9.9,0.00941,"A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.",2019-03-08 21:29:00.297,CISA/Metasploit
CVE-2019-1003030,9.9,0.00569,"A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.",2019-03-08 21:29:00.343,CISA
CVE-2019-10068,0.0,0.97344,"An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.",2019-03-26 18:29:00.403,EPSS/CISA/Metasploit/Nuclei
CVE-2019-10092,6.1,0.07116,"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",2019-09-26 16:15:10.613,Nuclei
CVE-2019-10098,6.1,0.14386,"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",2019-09-25 17:15:10.353,Nuclei
CVE-2019-1010287,0.0,0.00129,"Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a ""redirect"" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.",2019-07-17 21:15:11.093,Nuclei
CVE-2019-1010290,0.0,0.00215,"Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a ""newurl"" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.",2019-07-16 14:15:11.903,Nuclei
CVE-2019-10123,0.0,0.32718,SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user.,2019-05-31 22:29:01.223,Metasploit
CVE-2019-10149,9.8,0.97368,A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.,2019-06-05 14:29:11.293,EPSS/CISA/Metasploit
CVE-2019-10232,0.0,0.12149,"Teclib GLPI through 9.3.3 has SQL injection via the ""cycle"" parameter in /scripts/unlock_tasks.php.",2019-03-27 17:29:02.370,Nuclei
CVE-2019-10267,0.0,0.6708,"An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).",2019-07-26 21:15:11.640,Metasploit
CVE-2019-10405,5.4,0.00572,"Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the ""Cookie"" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.",2019-09-25 16:15:10.697,Nuclei
CVE-2019-10475,6.1,0.97319,A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.,2019-10-23 13:15:11.487,EPSS/Nuclei
CVE-2019-1064,0.0,0.8793,"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.",2019-06-12 14:29:04.273,CISA
CVE-2019-10655,9.8,0.91894,"Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.",2019-03-30 17:29:00.353,Metasploit
CVE-2019-10669,7.2,0.89665,"An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().",2019-09-09 13:15:11.543,Metasploit
CVE-2019-1069,0.0,0.00417,"An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.",2019-06-12 14:29:04.337,CISA
CVE-2019-10692,9.8,0.97291,"In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.",2019-04-02 18:30:20.927,EPSS/Metasploit/Nuclei
CVE-2019-10717,0.0,0.00351,BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.,2019-07-03 16:15:10.770,Nuclei
CVE-2019-10758,9.9,0.97459,mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.,2019-12-24 22:15:11.183,EPSS/CISA/Nuclei
CVE-2019-10867,0.0,0.90914,"An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.",2019-04-04 18:29:00.713,Metasploit
CVE-2019-11013,0.0,0.0175,Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.,2019-08-22 15:15:12.093,Nuclei
CVE-2019-11043,9.8,0.97472,"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.",2019-10-28 15:15:13.863,EPSS/CISA/Metasploit
CVE-2019-11231,0.0,0.49206,"An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If a someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. The vulnerability exists in the admin/theme-edit.php file. This file checks for forms submissions via POST requests, and for the csrf nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web accessible and executable files with arbitrary content.",2019-05-22 18:29:00.490,Metasploit
CVE-2019-11248,8.2,0.60131,"The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.",2019-08-29 01:15:11.367,Nuclei
CVE-2019-1129,0.0,0.87735,"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.",2019-07-15 19:15:20.967,CISA
CVE-2019-1130,0.0,0.87735,"An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.",2019-07-15 19:15:21.047,CISA
CVE-2019-1132,0.0,0.00042,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",2019-07-15 19:15:21.107,CISA
CVE-2019-11370,0.0,0.17043,"Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html ""System contact"" field.",2019-06-03 20:29:00.453,Nuclei
CVE-2019-11409,8.8,0.92741,app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.,2019-06-17 19:15:11.327,Metasploit
CVE-2019-11477,7.5,0.97179,"Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",2019-06-19 00:15:12.640,EPSS
CVE-2019-11478,0.0,0.966,"Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",2019-06-19 00:15:12.687,EPSS
CVE-2019-11479,7.5,0.97393,"Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",2019-06-19 00:15:12.767,EPSS
CVE-2019-11510,10.0,0.97406,"In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .",2019-05-08 17:29:00.630,EPSS/CISA/Metasploit/Nuclei
CVE-2019-11539,7.2,0.97155,"In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.",2019-04-26 02:29:00.300,EPSS/CISA/Metasploit
CVE-2019-11580,9.8,0.97431,"Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.",2019-06-03 14:29:00.217,EPSS/CISA/Metasploit/Nuclei
CVE-2019-11581,0.0,0.97256,"There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.",2019-08-09 20:15:11.270,EPSS/CISA/Nuclei
CVE-2019-11600,0.0,0.95287,A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.,2019-05-13 20:29:02.697,EPSS
CVE-2019-11631,0.0,0.53975,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none,2019-05-01 03:29:00.310,Metasploit
CVE-2019-11634,0.0,0.02353,Citrix Workspace App before 1904 for Windows has Incorrect Access Control.,2019-05-22 17:29:00.227,CISA
CVE-2019-11660,7.8,0.00411,"Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.",2019-09-13 18:15:10.987,Metasploit
CVE-2019-11707,8.8,0.7517,"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.",2019-07-23 14:15:15.233,CISA
CVE-2019-11708,0.0,0.00822,"Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.",2019-07-23 14:15:15.327,CISA
CVE-2019-11869,0.0,0.0018,"The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting.",2019-05-09 23:29:00.247,Nuclei
CVE-2019-1214,7.8,0.00095,"An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.",2019-09-11 22:15:14.523,CISA
CVE-2019-1215,7.8,0.00043,"An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.",2019-09-11 22:15:14.587,CISA
CVE-2019-12169,8.8,0.78353,"ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a "".."" pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.",2019-06-03 20:29:00.703,Metasploit
CVE-2019-12181,8.8,0.07807,A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.,2019-06-17 16:15:12.153,Metasploit
CVE-2019-12258,7.5,0.07849,Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.,2019-08-09 20:15:11.410,Metasploit
CVE-2019-12276,0.0,0.95395,"A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.",2019-06-05 18:29:01.090,EPSS/Nuclei
CVE-2019-12314,0.0,0.1225,"Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.",2019-05-24 14:29:00.387,Nuclei
CVE-2019-12461,0.0,0.0035,Web Port 1.19.1 allows XSS via the /log type parameter.,2019-05-30 14:29:02.297,Nuclei
CVE-2019-12477,0.0,0.91091,"Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.",2019-06-07 15:29:01.480,Metasploit
CVE-2019-12518,9.8,0.65037,Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.,2019-12-02 17:15:12.203,Metasploit
CVE-2019-1253,7.8,0.00056,"An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.",2019-09-11 22:15:16.337,CISA
CVE-2019-12581,0.0,0.0035,"A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.",2019-06-27 15:15:09.170,Nuclei
CVE-2019-12583,0.0,0.00481,"Missing Access Control in the ""Free Time"" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.",2019-06-27 14:15:10.393,Nuclei
CVE-2019-12593,0.0,0.05976,IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.,2019-06-03 17:29:01.430,Nuclei
CVE-2019-12725,0.0,0.96325,"Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.",2019-07-19 23:15:10.967,EPSS/Nuclei
CVE-2019-12799,8.8,0.00323,"In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch.",2019-06-13 20:29:00.173,Metasploit
CVE-2019-12840,0.0,0.12536,"In Webmin through 1.910, any user authorized to the ""Package Updates"" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.",2019-06-15 20:29:00.287,Metasploit
CVE-2019-12962,6.1,0.15911,LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.,2019-06-25 13:15:09.450,Nuclei
CVE-2019-1297,8.8,0.04151,"A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.",2019-09-11 22:15:18.773,CISA
CVE-2019-12985,0.0,0.97219,Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).,2019-07-16 18:15:12.477,EPSS/Nuclei
CVE-2019-12986,0.0,0.97219,Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).,2019-07-16 18:15:12.570,EPSS/Nuclei
CVE-2019-12987,0.0,0.97219,Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).,2019-07-16 18:15:12.680,EPSS/Nuclei
CVE-2019-12988,0.0,0.97219,Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).,2019-07-16 18:15:12.787,EPSS/Nuclei
CVE-2019-12989,9.8,0.05583,Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.,2019-07-16 18:15:12.930,CISA
CVE-2019-12990,0.0,0.90781,Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.,2019-07-16 18:15:13.023,Nuclei
CVE-2019-12991,0.0,0.12179,Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).,2019-07-16 18:15:13.117,CISA
CVE-2019-13101,9.8,0.064,"An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.",2019-08-08 13:15:12.407,Nuclei
CVE-2019-1315,7.8,0.88076,"An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.",2019-10-10 14:15:15.737,CISA
CVE-2019-1322,7.8,0.00101,"An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.",2019-10-10 14:15:16.190,CISA/Metasploit
CVE-2019-13272,7.8,0.00052,"In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.",2019-07-17 13:15:10.687,CISA/Metasploit
CVE-2019-13372,9.8,0.96303,"/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.",2019-07-06 23:15:10.310,EPSS/Metasploit
CVE-2019-13373,0.0,0.55265,An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.,2019-07-06 23:15:10.373,Metasploit
CVE-2019-13392,6.1,0.00127,"A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.",2019-10-16 00:15:10.587,Nuclei
CVE-2019-13396,0.0,0.04842,FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.,2019-07-10 14:15:11.887,Nuclei
CVE-2019-13462,0.0,0.31463,Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.,2019-08-12 17:15:11.047,Nuclei
CVE-2019-13608,0.0,0.00625,"Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.",2019-08-29 19:15:13.227,CISA
CVE-2019-1367,7.5,0.87214,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.",2019-09-23 20:15:13.447,CISA
CVE-2019-13720,8.8,0.9742,Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2019-11-25 15:15:33.887,EPSS/CISA
CVE-2019-1385,7.8,0.00281,"An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.",2019-11-12 19:15:12.503,CISA
CVE-2019-1388,7.8,0.09549,"An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.",2019-11-12 19:15:12.583,CISA
CVE-2019-1405,7.8,0.00106,"An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.",2019-11-12 19:15:13.410,CISA/Metasploit
CVE-2019-14205,7.5,0.06233,A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.,2019-07-21 18:15:11.037,Nuclei
CVE-2019-14223,6.1,0.00205,"An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).",2019-09-06 17:15:11.463,Nuclei
CVE-2019-14251,7.5,0.01661,"An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters.",2019-12-09 17:15:11.850,Nuclei
CVE-2019-1429,7.5,0.97139,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.",2019-11-12 19:15:14.770,EPSS/CISA
CVE-2019-14312,0.0,0.02466,Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.,2019-08-09 13:15:11.870,Nuclei
CVE-2019-14322,7.5,0.56359,"In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.",2019-07-28 13:15:10.597,Nuclei
CVE-2019-14470,0.0,0.75122,"cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.",2019-09-04 20:15:10.763,Nuclei
CVE-2019-14530,8.8,0.79556,"An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.",2019-08-13 14:15:12.850,Nuclei
CVE-2019-1458,7.8,0.97201,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.",2019-12-10 22:15:16.103,EPSS/CISA/Metasploit
CVE-2019-14696,0.0,0.00436,"Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.",2019-08-06 16:15:11.640,Nuclei
CVE-2019-14750,0.0,0.04425,An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.,2019-08-07 17:15:12.557,Nuclei
CVE-2019-14789,0.0,0.00125,The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.,2019-08-15 16:15:12.257,Nuclei
CVE-2019-14974,0.0,0.00173,SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.,2019-08-14 16:15:12.707,Nuclei
CVE-2019-15043,0.0,0.28071,"In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.",2019-09-03 12:15:10.933,Nuclei
CVE-2019-15107,9.8,0.97507,An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.,2019-08-16 03:15:11.387,EPSS/CISA/Metasploit/Nuclei
CVE-2019-15271,8.8,0.00424,"A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.",2019-11-26 03:15:11.050,CISA
CVE-2019-15501,0.0,0.00303,Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.,2019-08-26 14:15:10.907,Nuclei
CVE-2019-15642,0.0,0.34404,"rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states ""RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.""",2019-08-26 18:15:12.983,Nuclei
CVE-2019-15713,0.0,0.00101,The my-calendar plugin before 3.1.10 for WordPress has XSS.,2019-08-28 12:15:12.810,Nuclei
CVE-2019-15742,7.8,0.00168,A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.,2020-01-17 00:15:12.010,Metasploit
CVE-2019-15752,0.0,0.00633,"Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.",2019-08-28 21:15:10.880,CISA/Metasploit
CVE-2019-1579,0.0,0.96676,"Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.",2019-07-19 22:15:11.557,EPSS/CISA
CVE-2019-15811,0.0,0.00269,"In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.",2019-08-29 19:15:13.913,Nuclei
CVE-2019-15829,0.0,0.00146,The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.,2019-08-30 14:15:10.787,Nuclei
CVE-2019-15858,8.8,0.02804,"admin/includes/class.import.snippet.php in the ""Woody ad snippets"" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.",2019-09-03 07:15:10.600,Nuclei
CVE-2019-15859,9.8,0.12379,Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.,2019-10-09 16:15:14.843,Nuclei
CVE-2019-15889,0.0,0.03259,"The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.",2019-09-03 18:15:12.670,Nuclei
CVE-2019-15949,8.8,0.44232,"Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.",2019-09-05 17:15:12.327,CISA
CVE-2019-15954,9.9,0.35425,"An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>",2019-09-05 19:16:32.037,Metasploit
CVE-2019-15975,9.8,0.49595,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.723,Metasploit
CVE-2019-15976,9.8,0.96661,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.800,EPSS
CVE-2019-15977,7.5,0.96652,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.893,EPSS
CVE-2019-16057,9.8,0.97561,The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.,2019-09-16 12:15:10.910,EPSS/CISA/Nuclei
CVE-2019-16097,6.5,0.96492,"core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.",2019-09-08 16:15:11.820,EPSS/Nuclei
CVE-2019-16113,8.8,0.93579,"Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.",2019-09-08 21:15:10.617,Metasploit
CVE-2019-16119,9.8,0.95592,SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.,2019-09-08 23:15:10.203,EPSS
CVE-2019-16123,7.5,0.64992,"In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.",2019-09-09 02:15:10.267,Nuclei
CVE-2019-1620,9.8,0.52852,"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.",2019-06-27 03:15:09.480,Metasploit
CVE-2019-1621,7.5,0.01678,"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.",2019-06-27 03:15:09.510,Metasploit
CVE-2019-1622,5.3,0.68322,"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.",2019-06-27 03:15:09.557,Metasploit
CVE-2019-16256,9.8,0.04417,"Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.",2019-09-12 13:15:10.327,CISA
CVE-2019-16278,9.8,0.97411,Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.,2019-10-14 17:15:09.427,EPSS/Metasploit/Nuclei
CVE-2019-16313,7.5,0.02354,ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.,2019-09-14 16:15:10.930,Nuclei
CVE-2019-16328,7.5,0.62998,"In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.",2019-10-03 20:15:10.260,Metasploit
CVE-2019-16332,6.1,0.00303,"In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.",2019-09-15 22:15:10.370,Nuclei
CVE-2019-16469,7.5,0.19113,"Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",2020-01-15 17:15:14.113,Nuclei
CVE-2019-1652,7.2,0.97437,"A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.",2019-01-24 15:29:00.953,EPSS/CISA/Metasploit
CVE-2019-16525,6.1,0.00323,"An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.",2019-09-19 20:15:11.227,Nuclei
CVE-2019-1653,7.5,0.97566,"A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.",2019-01-24 16:29:00.317,EPSS/CISA/Nuclei
CVE-2019-1663,9.8,0.97219,"A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.",2019-02-28 18:29:02.040,EPSS/Metasploit
CVE-2019-16662,9.8,0.97518,"An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.",2019-10-28 12:15:10.377,EPSS/Metasploit/Nuclei
CVE-2019-16663,8.8,0.96762,"An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.",2019-10-28 12:15:10.487,EPSS
CVE-2019-16724,9.8,0.7911,"File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.",2019-09-24 21:15:10.317,Metasploit
CVE-2019-16759,9.8,0.97513,vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.,2019-09-24 22:15:13.183,EPSS/CISA/Metasploit/Nuclei
CVE-2019-16920,9.8,0.96307,"Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a ""PingTest"" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.",2019-09-27 12:15:10.017,EPSS/CISA/Nuclei
CVE-2019-16928,9.8,0.91466,"Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.",2019-09-27 21:15:10.017,CISA
CVE-2019-16931,6.1,0.0016,"A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.",2019-10-03 19:15:09.770,Nuclei
CVE-2019-16932,10.0,0.28674,A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.,2019-09-30 16:15:11.290,Nuclei
CVE-2019-16996,7.2,0.18886,"In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.",2019-09-30 13:15:11.167,Nuclei
CVE-2019-16997,7.2,0.18886,"In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.",2019-09-30 13:15:11.230,Nuclei
CVE-2019-17026,8.8,0.53359,"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.",2020-03-02 05:15:12.010,CISA
CVE-2019-17270,9.8,0.924,"Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the ""/pages/systemcall.php?command={COMMAND}"" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.",2019-12-10 21:15:15.597,Nuclei
CVE-2019-17382,9.1,0.2657,"An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.",2019-10-09 14:15:12.817,Nuclei
CVE-2019-17418,7.2,0.36786,"An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.",2019-10-10 01:06:09.437,Nuclei
CVE-2019-17444,9.8,0.05344,"Jfrog Artifactory uses default passwords (such as ""password"") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.",2020-10-12 22:15:15.457,Nuclei
CVE-2019-17503,5.3,0.00472,"An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.",2019-10-11 17:15:09.977,Nuclei
CVE-2019-17506,9.8,0.87148,There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.,2019-10-11 20:15:17.003,Nuclei
CVE-2019-17538,7.5,0.00742,Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.,2019-10-13 19:15:09.683,Nuclei
CVE-2019-17558,7.5,0.97511,"Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).",2019-12-30 17:15:19.780,EPSS/CISA/Metasploit/Nuclei
CVE-2019-17574,9.1,0.06202,"An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the ""support debug text file"").",2019-10-14 14:15:10.197,Nuclei
CVE-2019-17621,9.8,0.97112,"The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",2019-12-30 17:15:19.857,EPSS/CISA/Metasploit
CVE-2019-17662,9.8,0.68805,"ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.",2019-10-16 18:15:25.513,Metasploit/Nuclei
CVE-2019-18187,7.5,0.11307,"Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.",2019-10-28 20:15:11.003,CISA
CVE-2019-1821,0.0,0.96792,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.",2019-05-16 01:29:00.483,EPSS/Metasploit/Nuclei
CVE-2019-18371,7.5,0.02994,"An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.",2019-10-23 21:15:10.823,Nuclei
CVE-2019-18393,5.3,0.00161,"PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.",2019-10-24 11:15:10.513,Nuclei
CVE-2019-18394,9.8,0.60692,A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.,2019-10-24 11:15:10.590,Nuclei
CVE-2019-18426,8.2,0.00936,A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.,2020-01-21 21:15:16.147,CISA
CVE-2019-18665,7.5,0.08173,The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.,2019-11-02 15:15:10.803,Nuclei
CVE-2019-18818,9.8,0.8901,strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.,2019-11-07 22:15:10.570,Nuclei
CVE-2019-18922,7.5,0.18112,A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.,2019-11-29 19:15:11.980,Nuclei
CVE-2019-18935,9.8,0.9178,"Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)",2019-12-11 13:15:11.767,CISA/Metasploit
CVE-2019-18957,6.1,0.00375,Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.,2019-11-14 14:15:11.803,Nuclei
CVE-2019-1898,5.3,0.09085,"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.",2019-06-20 03:15:12.433,Nuclei
CVE-2019-18988,7.0,0.00358,"TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.",2020-02-07 16:15:10.033,CISA/Metasploit
CVE-2019-19134,6.1,0.00203,The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks.,2020-02-26 15:15:11.617,Nuclei
CVE-2019-1935,9.8,0.94545,"A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.",2019-08-21 19:15:15.277,Metasploit
CVE-2019-19356,7.5,0.95969,"Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.",2020-02-07 23:15:10.013,EPSS/CISA
CVE-2019-1936,7.2,0.02611,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.",2019-08-21 19:15:15.357,Metasploit
CVE-2019-19363,7.8,0.0007,An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version,2020-01-24 18:15:12.567,Metasploit
CVE-2019-19368,6.1,0.00624,A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts,2019-12-16 16:15:11.737,Nuclei
CVE-2019-1937,0.0,0.40644,"A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.",2019-08-21 19:15:15.403,Metasploit
CVE-2019-1943,0.0,0.05334,"A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",2019-07-17 21:15:12.453,Nuclei
CVE-2019-19494,8.8,0.15168,"Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.",2020-01-09 13:15:10.993,Metasploit
CVE-2019-19509,8.8,0.9636,"An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.",2020-01-06 20:15:12.350,EPSS/Metasploit
CVE-2019-19726,7.8,0.00056,"OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.",2019-12-12 01:15:10.823,Metasploit
CVE-2019-19781,9.8,0.97537,"An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.",2019-12-27 14:15:12.070,EPSS/CISA/Nuclei
CVE-2019-19824,8.8,0.96142,"On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.",2020-01-27 18:15:12.960,EPSS/Nuclei
CVE-2019-19833,6.5,0.97025,"In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).",2019-12-18 18:15:20.147,EPSS/Metasploit
CVE-2019-19908,6.1,0.00673,"phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.",2019-12-20 13:15:11.957,Nuclei
CVE-2019-19985,5.3,0.43274,"The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.",2019-12-26 03:15:11.783,Nuclei
CVE-2019-20085,7.5,0.69009,TVT NVMS-1000 devices allow GET /.. Directory Traversal,2019-12-30 03:15:10.663,CISA/Metasploit/Nuclei
CVE-2019-20141,6.1,0.00125,An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.,2019-12-30 18:15:16.857,Nuclei
CVE-2019-20183,7.2,0.03815,uploadimage.php in Employee Records System 1.0 allows upload and execution of arbitrary PHP code because file-extension validation is only on the client side. The attacker can modify global.js to allow the .php extension.,2020-01-09 22:15:13.223,Nuclei
CVE-2019-20210,6.1,0.00938,"The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.",2020-01-13 18:15:14.140,Nuclei
CVE-2019-20224,8.8,0.14105,netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742.,2020-01-09 16:15:10.660,Nuclei
CVE-2019-20361,9.8,0.27665,"There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).",2020-01-08 06:15:12.243,Metasploit
CVE-2019-20499,7.8,0.96319,"D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.",2020-03-05 15:15:11.160,EPSS/Metasploit
CVE-2019-20500,7.8,0.01149,"D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.",2020-03-05 15:15:11.253,CISA
CVE-2019-20933,9.8,0.04237,InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).,2020-11-19 02:15:11.913,Nuclei
CVE-2019-2215,7.8,0.003,"A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095",2019-10-11 19:15:10.947,CISA/Metasploit
CVE-2019-2557,0.0,0.0036,"Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",2019-04-23 19:32:48.333,Metasploit
CVE-2019-2578,0.0,0.00623,"Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. While the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",2019-04-23 19:32:49.257,Nuclei
CVE-2019-2579,0.0,0.00493,Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).,2019-04-23 19:32:49.317,Nuclei
CVE-2019-2588,0.0,0.18137,"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).",2019-04-23 19:32:49.913,Nuclei
CVE-2019-2616,0.0,0.94493,"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",2019-04-23 19:32:51.537,CISA/Nuclei
CVE-2019-2725,9.8,0.97553,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2019-04-26 19:29:00.463,EPSS/CISA/Metasploit/Nuclei
CVE-2019-2729,9.8,0.96944,"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2019-06-19 23:15:10.003,EPSS/Nuclei
CVE-2019-2767,0.0,0.14972,"Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).",2019-07-23 23:15:40.163,Nuclei
CVE-2019-3010,8.8,0.00336,"Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).",2019-10-16 18:15:34.293,CISA/Metasploit
CVE-2019-3396,9.8,0.97472,"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.",2019-03-25 19:29:01.647,EPSS/CISA/Metasploit/Nuclei
CVE-2019-3398,8.8,0.9707,"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.",2019-04-18 18:29:00.970,EPSS/CISA/Nuclei
CVE-2019-3401,5.3,0.0055,The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.,2019-05-22 18:29:00.740,Nuclei
CVE-2019-3402,0.0,0.00238,The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.,2019-05-22 18:29:00.787,Nuclei
CVE-2019-3403,5.3,0.00379,"The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.",2019-05-22 18:29:00.833,Nuclei
CVE-2019-3568,0.0,0.02813,"A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.",2019-05-14 20:29:03.187,CISA
CVE-2019-3799,6.5,0.02567,"Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.",2019-05-06 16:29:01.567,Metasploit/Nuclei
CVE-2019-3911,6.1,0.00195,Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.,2019-01-30 20:29:00.367,Nuclei
CVE-2019-3912,6.1,0.0016,An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.,2019-01-30 20:29:00.400,Nuclei
CVE-2019-3929,9.8,0.97364,"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.",2019-04-30 21:29:00.713,EPSS/CISA/Metasploit/Nuclei
CVE-2019-3999,7.8,0.00164,"Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.",2020-02-25 19:15:11.693,Metasploit
CVE-2019-4061,5.3,0.00617,IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.,2019-02-27 22:29:01.443,Metasploit
CVE-2019-4279,9.8,0.17605,IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.,2019-05-17 16:29:03.470,Metasploit
CVE-2019-4716,9.8,0.07048,"IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as ""admin"", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.",2019-12-18 17:16:43.863,CISA/Metasploit
CVE-2019-5127,9.8,0.97409,A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.,2019-10-25 18:15:11.740,EPSS/Nuclei
CVE-2019-5418,7.5,0.9747,"There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.",2019-03-27 14:29:01.533,EPSS/Metasploit/Nuclei
CVE-2019-5420,9.8,0.96725,"A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.",2019-03-27 14:29:01.720,EPSS/Metasploit
CVE-2019-5434,0.0,0.28148,"An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the ""what"" parameter in the ""openads.spc"" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0.",2019-05-06 17:29:00.730,Nuclei
CVE-2019-5544,9.8,0.03272,OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.,2019-12-06 16:15:11.467,CISA
CVE-2019-5591,6.5,0.00234,A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.,2020-08-14 16:15:16.070,CISA
CVE-2019-5620,9.8,0.28818,ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.,2020-04-29 23:15:13.033,Metasploit
CVE-2019-5645,7.5,0.96561,"By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.",2020-09-01 15:15:11.983,EPSS/Metasploit
CVE-2019-5736,8.6,0.00395,"runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",2019-02-11 19:29:00.297,Metasploit
CVE-2019-5786,6.5,0.97223,Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.,2019-06-27 17:15:13.770,EPSS/CISA/Metasploit
CVE-2019-5825,6.5,0.68549,Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2019-11-25 20:15:11.483,CISA/Metasploit
CVE-2019-6112,6.1,0.00126,A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).,2020-08-14 14:15:12.287,Nuclei
CVE-2019-6223,0.0,0.00678,"A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.",2019-03-05 16:29:02.060,CISA
CVE-2019-6340,0.0,0.97481,"Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)",2019-02-21 21:29:00.343,EPSS/CISA/Metasploit/Nuclei
CVE-2019-6447,8.1,0.5783,"The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.",2019-01-16 14:29:00.327,Metasploit
CVE-2019-6715,7.5,0.3388,pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.,2019-04-01 20:29:00.847,Nuclei
CVE-2019-6799,0.0,0.15204,"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of ""options(MYSQLI_OPT_LOCAL_INFILE"" calls.",2019-01-26 17:29:00.450,Nuclei
CVE-2019-6802,0.0,0.00113,CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.,2019-01-25 04:29:00.240,Nuclei
CVE-2019-6814,9.8,0.29674,"A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.",2019-05-22 20:29:01.963,Metasploit
CVE-2019-7139,0.0,0.09912,"An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.",2019-04-10 18:29:01.247,Nuclei
CVE-2019-7192,9.8,0.96341,"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.",2019-12-05 17:15:12.950,EPSS/CISA/Metasploit/Nuclei
CVE-2019-7193,9.8,0.12427,"This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.",2019-12-05 17:15:13.027,CISA
CVE-2019-7194,9.8,0.9707,"This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.",2019-12-05 17:15:13.107,EPSS/CISA/Metasploit
CVE-2019-7195,9.8,0.9707,"This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.",2019-12-05 17:15:13.183,EPSS/CISA/Metasploit
CVE-2019-7214,0.0,0.80998,SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.,2019-04-24 15:29:02.107,Metasploit
CVE-2019-7219,0.0,0.00113,"Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.",2019-04-11 19:29:01.380,Nuclei
CVE-2019-7238,0.0,0.974,Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.,2019-03-21 17:29:01.180,EPSS/CISA/Nuclei
CVE-2019-7254,7.5,0.80769,Linear eMerge E3-Series devices allow File Inclusion.,2019-07-02 19:15:11.007,Nuclei
CVE-2019-7255,6.1,0.0113,Linear eMerge E3-Series devices allow XSS.,2019-07-02 19:15:11.087,Nuclei
CVE-2019-7256,10.0,0.97426,Linear eMerge E3-Series devices allow Command Injections.,2019-07-02 19:15:11.147,EPSS/CISA/Metasploit/Nuclei
CVE-2019-7275,6.1,0.00398,Optergy Proton/Enterprise devices allow Open Redirect.,2019-07-01 20:15:11.917,Nuclei
CVE-2019-7276,0.0,0.9454,Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.,2019-07-01 20:15:12.007,Metasploit
CVE-2019-7286,7.8,0.00339,"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.",2019-12-18 18:15:22.067,CISA
CVE-2019-7287,7.8,0.00125,A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.,2019-12-18 18:15:22.130,CISA
CVE-2019-7315,0.0,0.0143,"Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).",2019-06-17 19:15:11.720,Nuclei
CVE-2019-7481,7.5,0.93107,Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.,2019-12-17 23:15:14.923,CISA/Nuclei
CVE-2019-7483,7.5,0.00999,"In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.",2019-12-19 01:15:10.803,CISA
CVE-2019-7543,0.0,0.00102,"In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.",2019-02-06 21:29:00.847,Nuclei
CVE-2019-7609,10.0,0.96991,Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.,2019-03-25 19:29:02.147,EPSS/CISA/Metasploit/Nuclei
CVE-2019-8086,7.5,0.10314,"Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.",2019-10-25 16:15:11.193,Nuclei
CVE-2019-8390,0.0,0.01911,qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.,2019-05-14 15:29:00.727,Nuclei
CVE-2019-8394,0.0,0.9685,Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.,2019-02-17 04:29:00.330,EPSS/CISA
CVE-2019-8442,7.5,0.97131,"The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.",2019-05-22 18:29:02.067,EPSS/Nuclei
CVE-2019-8446,5.3,0.15691,The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.,2019-08-23 14:15:11.937,Nuclei
CVE-2019-8449,5.3,0.29471,The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.,2019-09-11 14:15:12.257,Nuclei
CVE-2019-8451,6.5,0.97115,The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.,2019-09-11 14:15:12.430,EPSS/Nuclei
CVE-2019-8506,8.8,0.06777,"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.",2019-12-18 18:15:22.880,CISA
CVE-2019-8513,7.8,0.00062,This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.,2019-12-18 18:15:23.333,Metasploit
CVE-2019-8526,7.8,0.00137,A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.,2019-12-18 18:15:24.223,CISA
CVE-2019-8565,7.0,0.00193,"A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.",2019-12-18 18:15:26.553,Metasploit
CVE-2019-8605,7.8,0.00132,"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.",2019-12-18 18:15:28.833,CISA
CVE-2019-8672,8.8,0.96068,"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",2019-12-18 18:15:32.630,EPSS
CVE-2019-8689,8.8,0.96068,"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.",2019-12-18 18:15:34.677,EPSS
CVE-2019-8720,8.8,0.00706,A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.,2023-03-06 23:15:10.287,CISA
CVE-2019-8903,0.0,0.01284,index.js in Total.js Platform before 3.2.3 allows path traversal.,2019-02-18 16:29:00.870,Metasploit/Nuclei
CVE-2019-8937,0.0,0.00477,"HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.",2019-05-17 15:29:00.710,Nuclei
CVE-2019-8942,0.0,0.95561,"WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.",2019-02-20 03:29:00.250,EPSS/Metasploit
CVE-2019-8943,6.5,0.94919,"WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.",2019-02-20 03:29:00.297,Metasploit
CVE-2019-8982,0.0,0.0146,"com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.",2019-02-21 14:29:00.423,Nuclei
CVE-2019-9041,0.0,0.02416,"An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.",2019-02-23 18:29:00.300,Nuclei
CVE-2019-9055,0.0,0.0175,"An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection.",2019-03-26 17:29:01.467,Metasploit
CVE-2019-9082,8.8,0.97455,"ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.",2019-02-24 18:29:00.207,EPSS/CISA/Metasploit
CVE-2019-9193,0.0,0.97463,"In PostgreSQL 9.3 through 11.2, the ""COPY TO/FROM PROGRAM"" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.",2019-04-01 21:30:45.110,EPSS/Metasploit
CVE-2019-9194,0.0,0.9653,elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.,2019-02-26 19:29:00.283,EPSS/Metasploit
CVE-2019-9213,5.5,0.00081,"In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.",2019-03-05 22:29:00.240,Metasploit
CVE-2019-9618,0.0,0.03376,"The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the ""cfg"" parameter.",2019-05-13 22:29:01.327,Nuclei
CVE-2019-9621,0.0,0.93145,"Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.",2019-04-30 18:29:08.633,Metasploit
CVE-2019-9624,0.0,0.61732,"Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the ""Java file manager"" and ""Upload and Download"" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.",2019-03-07 05:29:01.410,Metasploit
CVE-2019-9632,0.0,0.05368,ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.,2019-03-08 07:29:00.233,Nuclei
CVE-2019-9670,0.0,0.97471,"mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.",2019-05-29 22:29:01.507,EPSS/CISA/Metasploit/Nuclei
CVE-2019-9692,0.0,0.74831,"class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).",2019-03-11 18:29:00.257,Metasploit
CVE-2019-9701,0.0,0.95374,"DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.",2019-06-19 16:15:11.313,EPSS
CVE-2019-9726,0.0,0.03616,Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.,2019-05-13 17:29:03.987,Nuclei
CVE-2019-9733,0.0,0.85254,"An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providing a X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.",2019-04-11 19:29:01.440,Nuclei
CVE-2019-9810,8.8,0.95155,"Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.",2019-04-26 17:29:04.007,EPSS
CVE-2019-9851,9.8,0.97068,"LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.",2019-08-15 22:15:22.290,EPSS/Metasploit
CVE-2019-9858,8.8,0.95,"Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)",2019-05-29 17:29:00.633,Metasploit
CVE-2019-9915,0.0,0.00123,GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.,2019-03-22 00:29:00.627,Nuclei
CVE-2019-9922,7.5,0.00972,An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.,2019-03-29 15:29:00.963,Nuclei
CVE-2019-9955,0.0,0.04051,"On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.",2019-04-22 20:29:00.447,Nuclei
CVE-2019-9960,0.0,0.00276,The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.,2019-03-24 01:29:00.213,Metasploit
CVE-2019-9978,0.0,0.97149,"The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.",2019-03-24 15:29:00.243,EPSS/CISA/Nuclei
CVE-2020-0041,7.8,0.00081,"In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel",2020-03-10 20:15:21.383,CISA
CVE-2020-0069,7.8,0.00145,"In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754",2020-03-10 20:15:21.947,CISA
CVE-2020-0601,8.1,0.9689,"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.",2020-01-14 23:15:30.207,EPSS/CISA
CVE-2020-0618,8.8,0.9741,"A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.",2020-02-11 22:15:13.400,EPSS/Metasploit/Nuclei
CVE-2020-0638,7.8,0.00069,"An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.",2020-01-14 23:15:32.503,CISA
CVE-2020-0646,9.8,0.97476,"A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.",2020-01-14 23:15:33.143,EPSS/CISA/Metasploit
CVE-2020-0668,7.8,0.0063,"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.",2020-02-11 22:15:14.430,Metasploit
CVE-2020-0674,7.5,0.97251,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.",2020-02-11 22:15:14.883,EPSS/CISA
CVE-2020-0683,7.8,0.00043,"An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.",2020-02-11 22:15:15.650,CISA
CVE-2020-0688,8.8,0.97265,"A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.",2020-02-11 22:15:15.900,EPSS/CISA/Metasploit
CVE-2020-0787,7.8,0.0109,"An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.",2020-03-12 16:15:15.203,CISA/Metasploit
CVE-2020-0796,10.0,0.97481,"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.",2020-03-12 16:15:15.627,EPSS/CISA
CVE-2020-0878,4.2,0.03055,"<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p>
<p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p>
",2020-09-11 17:15:14.370,CISA
CVE-2020-0938,7.8,0.95411,"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.",2020-04-15 15:15:16.573,EPSS/CISA
CVE-2020-0968,7.5,0.38946,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.",2020-04-15 15:15:18.107,CISA
CVE-2020-0986,7.8,0.00076,"An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.",2020-06-09 20:15:12.177,CISA
CVE-2020-10148,9.8,0.97253,"The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.",2020-12-29 22:15:12.327,EPSS/CISA/Nuclei
CVE-2020-10181,9.8,0.45988,"goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.",2020-03-11 16:15:12.007,CISA
CVE-2020-10189,9.8,0.97206,Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.,2020-03-06 17:15:12.383,EPSS/CISA/Metasploit
CVE-2020-10199,8.8,0.97322,Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).,2020-04-01 19:15:14.393,EPSS/CISA/Metasploit/Nuclei
CVE-2020-1020,8.8,0.9494,"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.",2020-04-15 15:15:20.857,CISA
CVE-2020-10220,9.8,0.03051,An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.,2020-03-07 23:15:11.333,Metasploit/Nuclei
CVE-2020-10221,8.8,0.96709,lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.,2020-03-08 22:15:11.120,EPSS/CISA
CVE-2020-1027,7.8,0.00072,"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.",2020-04-15 15:15:21.010,CISA
CVE-2020-1040,9.0,0.00324,"A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.",2020-07-14 23:15:11.683,CISA
CVE-2020-1048,7.8,0.00496,"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.",2020-05-21 23:15:11.930,Metasploit
CVE-2020-1054,7.8,0.00427,"An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.",2020-05-21 23:15:12.070,CISA/Metasploit
CVE-2020-10546,9.8,0.38355,"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",2020-06-04 04:15:12.663,Nuclei
CVE-2020-10547,9.8,0.38355,"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",2020-06-04 04:15:12.977,Nuclei
CVE-2020-10548,9.8,0.38355,"rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",2020-06-04 04:15:13.087,Nuclei
CVE-2020-10549,9.8,0.38355,"rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.",2020-06-04 04:15:13.163,Nuclei
CVE-2020-10644,7.5,0.82932,"The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.",2020-06-09 18:15:10.590,Metasploit
CVE-2020-10770,5.3,0.15214,"A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.",2020-12-15 20:15:14.853,Nuclei
CVE-2020-10808,8.8,0.97063,"Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters.",2020-03-22 17:15:11.017,EPSS/Metasploit
CVE-2020-10879,9.8,0.96126,rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.,2020-03-23 22:15:12.737,EPSS
CVE-2020-10882,8.8,0.00195,"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.",2020-03-25 21:15:11.917,Metasploit
CVE-2020-10883,7.8,0.00047,This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.,2020-03-25 21:15:12.010,Metasploit
CVE-2020-10884,8.8,0.00099,"This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.",2020-03-25 21:15:12.107,Metasploit
CVE-2020-10914,9.8,0.67307,"This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400.",2020-04-22 21:15:13.950,Metasploit
CVE-2020-10915,9.8,0.67307,"This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.",2020-04-22 21:15:14.013,Metasploit
CVE-2020-10923,8.8,0.00076,"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.",2020-07-28 18:15:13.597,Metasploit
CVE-2020-10924,8.8,0.00405,"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.",2020-07-28 18:15:13.677,Metasploit
CVE-2020-10973,7.5,0.02524,"An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.",2020-05-07 18:15:11.287,Nuclei
CVE-2020-10977,5.5,0.00155,GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.,2020-04-08 19:15:12.977,Metasploit
CVE-2020-10987,9.8,0.96377,The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.,2020-07-13 19:15:12.207,EPSS/CISA
CVE-2020-11034,6.1,0.00493,"In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.",2020-05-05 22:15:12.760,Nuclei
CVE-2020-11108,8.8,0.96243,"The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.",2020-05-11 15:15:11.353,EPSS/Metasploit
CVE-2020-11110,5.4,0.00512,"Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.",2020-07-27 13:15:11.293,Nuclei
CVE-2020-11261,7.8,0.00167,"Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",2021-06-09 05:15:07.643,CISA
CVE-2020-11450,7.5,0.66624,"Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.",2020-04-02 15:15:17.547,Nuclei
CVE-2020-11455,9.8,0.87577,LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.,2020-04-01 16:15:27.420,Metasploit/Nuclei
CVE-2020-1147,7.8,0.86776,"A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.",2020-07-14 23:15:12.057,CISA/Metasploit
CVE-2020-11529,6.1,0.00452,Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.,2020-04-04 19:15:11.537,Nuclei
CVE-2020-11530,9.8,0.81445,"A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.",2020-05-08 20:15:12.233,Metasploit/Nuclei
CVE-2020-11546,9.8,0.9667,SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.,2020-07-14 20:15:11.347,EPSS/Nuclei
CVE-2020-11547,5.3,0.0011,"PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.",2020-04-05 00:15:11.893,Nuclei
CVE-2020-11651,9.8,0.97477,An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.,2020-04-30 17:15:12.143,EPSS/CISA
CVE-2020-11652,6.5,0.97254,An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.,2020-04-30 17:15:12.190,EPSS/CISA
CVE-2020-11698,9.8,0.90783,An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.,2020-09-17 17:15:14.757,Metasploit
CVE-2020-11710,9.8,0.02642,"An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.",2020-04-12 17:15:10.737,Nuclei
CVE-2020-11738,7.5,0.97449,The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.,2020-04-13 22:15:10.660,EPSS/CISA/Metasploit/Nuclei
CVE-2020-11798,5.3,0.80666,"A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.",2020-06-10 18:15:10.610,Nuclei
CVE-2020-11853,8.8,0.83699,"Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.",2020-10-22 21:15:12.747,Nuclei
CVE-2020-11854,9.8,0.23333,"Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.",2020-10-27 17:15:12.130,Metasploit/Nuclei
CVE-2020-11855,7.8,0.00045,"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.",2020-09-22 14:15:12.097,Metasploit
CVE-2020-11857,9.8,0.0333,"An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user",2020-09-22 14:15:12.157,Metasploit
CVE-2020-11858,7.8,0.00352,"Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges.",2020-10-27 17:15:12.273,Metasploit
CVE-2020-11899,5.4,0.00314,The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.,2020-06-17 11:15:10.210,CISA
CVE-2020-11930,6.1,0.00303,The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.,2020-04-20 01:15:11.107,Nuclei
CVE-2020-11978,8.8,0.97444,An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.,2020-07-17 00:15:10.337,EPSS/CISA/Metasploit/Nuclei
CVE-2020-11981,9.8,0.93514,"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.",2020-07-17 00:15:10.400,Nuclei
CVE-2020-11991,7.5,0.81306,"When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.",2020-09-11 14:15:11.160,Nuclei
CVE-2020-12004,7.5,0.84471,"The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.",2020-06-09 18:15:11.137,Metasploit
CVE-2020-12027,4.3,0.05491,"All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",2020-07-20 16:15:12.087,Metasploit
CVE-2020-12028,8.1,0.0414,"In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.",2020-07-20 16:15:12.163,Metasploit
CVE-2020-12029,7.8,0.04499,"All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.",2020-07-20 15:15:11.477,Metasploit
CVE-2020-12054,6.1,0.00129,"The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.",2020-04-23 15:15:14.280,Nuclei
CVE-2020-12109,8.8,0.97269,"Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.",2020-05-04 16:15:12.087,EPSS/Metasploit
CVE-2020-12116,7.5,0.97282,Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.,2020-05-07 20:15:12.297,EPSS/Nuclei
CVE-2020-12124,9.8,0.94551,A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.,2020-10-02 09:15:13.087,Nuclei
CVE-2020-12127,7.5,0.05251,"An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.",2020-10-02 09:15:13.257,Nuclei
CVE-2020-12256,5.4,0.17512,rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.,2020-05-18 15:15:10.943,Nuclei
CVE-2020-12259,5.4,0.16256,rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.,2020-05-18 13:15:10.893,Nuclei
CVE-2020-12271,9.8,0.01655,"A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)",2020-04-27 04:15:10.553,CISA
CVE-2020-12447,7.5,0.02897,"A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.",2020-04-29 03:15:17.207,Nuclei
CVE-2020-12478,7.5,0.01338,TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.,2020-04-29 22:15:12.717,Nuclei
CVE-2020-12641,9.8,0.12311,rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.,2020-05-04 15:15:14.417,CISA
CVE-2020-12720,9.8,0.83294,"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.",2020-05-08 00:15:12.080,Nuclei
CVE-2020-12800,9.8,0.97451,The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.,2020-06-08 17:15:10.033,EPSS/Metasploit/Nuclei
CVE-2020-12812,9.8,0.02923,"An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.",2020-07-24 23:15:12.003,CISA
CVE-2020-13117,9.8,0.16368,Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.,2021-02-09 19:15:13.460,Nuclei
CVE-2020-13121,6.1,0.00235,Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.,2020-05-16 20:15:12.000,Nuclei
CVE-2020-1313,7.8,0.00934,"An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.",2020-06-09 20:15:20.727,Metasploit
CVE-2020-13151,9.8,0.84498,"Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.",2020-08-05 13:15:10.603,Metasploit
CVE-2020-13158,7.5,0.969,Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.,2020-06-22 18:15:11.277,EPSS/Nuclei
CVE-2020-13160,9.8,0.87389,AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.,2020-06-09 17:15:10.283,Metasploit
CVE-2020-13166,9.8,0.64771,"The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.",2020-05-19 20:15:10.087,Metasploit
CVE-2020-13167,9.8,0.97432,"Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.",2020-05-19 20:15:10.147,EPSS/Metasploit/Nuclei
CVE-2020-13258,6.1,0.00464,"Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.",2020-05-21 17:15:10.353,Nuclei
CVE-2020-1337,7.8,0.00644,"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.
The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
",2020-08-17 19:15:14.210,Metasploit
CVE-2020-13379,8.2,0.71681,"The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.",2020-06-03 19:15:10.737,Nuclei
CVE-2020-13381,9.8,0.0741,openSIS through 7.4 allows SQL Injection.,2020-07-01 15:15:13.127,Metasploit
CVE-2020-13382,9.1,0.33686,openSIS through 7.4 has Incorrect Access Control.,2020-07-01 15:15:13.203,Metasploit
CVE-2020-13383,7.5,0.27359,openSIS through 7.4 allows Directory Traversal.,2020-07-01 15:15:13.267,Metasploit
CVE-2020-13405,7.5,0.01002,userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.,2020-07-16 19:15:12.000,Nuclei
CVE-2020-13483,6.1,0.00113,The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.,2020-06-24 15:15:11.727,Nuclei
CVE-2020-1350,10.0,0.94441,"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.",2020-07-14 23:15:13.087,CISA
CVE-2020-13638,9.8,0.3523,"lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.",2020-11-13 20:15:16.083,Nuclei
CVE-2020-13671,8.8,0.01243,"Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.",2020-11-20 16:15:15.433,CISA
CVE-2020-13699,8.8,0.19227,"TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.",2020-07-29 16:15:12.080,Metasploit
CVE-2020-13700,7.5,0.01831,"An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.",2020-06-24 15:15:11.853,Nuclei
CVE-2020-1380,7.8,0.314,"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
",2020-08-17 19:15:14.553,CISA
CVE-2020-13820,6.1,0.00289,Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.,2020-08-03 17:15:11.573,Nuclei
CVE-2020-13851,8.8,0.96994,Artica Pandora FMS 7.44 allows remote command execution via the events feature.,2020-06-11 03:15:10.047,EPSS/Metasploit/Nuclei
CVE-2020-13927,9.8,0.96826,"The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default",2020-11-10 16:15:11.807,EPSS/CISA/Metasploit/Nuclei
CVE-2020-13937,5.3,0.97414,"Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.",2020-10-19 21:15:12.623,EPSS/Nuclei
CVE-2020-13942,9.8,0.97263,It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.,2020-11-24 18:15:11.910,EPSS/Nuclei
CVE-2020-13945,6.5,0.00895,"In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.",2020-12-07 20:15:12.557,Metasploit/Nuclei
CVE-2020-14092,9.8,0.68008,The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.,2020-07-02 16:15:11.873,Nuclei
CVE-2020-14144,7.2,0.97294,"The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states ""This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.",2020-10-16 14:15:11.470,EPSS/Metasploit/Nuclei
CVE-2020-14179,5.3,0.00628,"Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.",2020-09-21 01:15:12.973,Nuclei
CVE-2020-14181,5.3,0.96518,"Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.",2020-09-17 01:15:11.747,EPSS/Metasploit/Nuclei
CVE-2020-14295,7.2,0.35626,A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.,2020-06-17 14:15:10.617,Metasploit
CVE-2020-14321,8.8,0.13057,"In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.",2022-08-16 21:15:09.447,Metasploit
CVE-2020-14408,6.1,0.00113,"An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.",2020-06-17 20:15:10.117,Nuclei
CVE-2020-14413,6.1,0.00095,"NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.",2020-06-29 17:15:11.113,Nuclei
CVE-2020-1464,7.8,0.12072,"A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures.
",2020-08-17 19:15:14.867,CISA
CVE-2020-1472,5.5,0.46653,"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see  How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
",2020-08-17 19:15:15.117,CISA/Metasploit
CVE-2020-14750,9.8,0.97546,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-11-02 21:15:24.493,EPSS/CISA/Metasploit/Nuclei
CVE-2020-14825,9.8,0.9566,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-10-21 15:15:21.657,EPSS
CVE-2020-14864,7.5,0.60612,"Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",2020-10-21 15:15:24.107,CISA/Nuclei
CVE-2020-14871,10.0,0.32819,"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",2020-10-21 15:15:24.593,CISA/Metasploit
CVE-2020-14882,9.8,0.97472,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-10-21 15:15:25.407,EPSS/CISA/Metasploit/Nuclei
CVE-2020-14883,7.2,0.97439,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",2020-10-21 15:15:25.483,EPSS/CISA/Metasploit/Nuclei
CVE-2020-15050,7.5,0.55214,An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.,2020-07-13 21:15:14.343,Nuclei
CVE-2020-15129,4.7,0.0111,"In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the ""X-Forwarded-Prefix"" header. The Traefik API dashboard component doesn't validate that the value of the header ""X-Forwarded-Prefix"" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.",2020-07-30 16:15:11.537,Nuclei
CVE-2020-15148,10.0,0.02717,Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.,2020-09-15 19:15:12.963,Nuclei
CVE-2020-15227,9.8,0.97004,"Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.",2020-10-01 19:15:12.797,EPSS/Nuclei
CVE-2020-15500,6.1,0.00382,"An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.",2020-07-01 23:15:10.333,Nuclei
CVE-2020-15505,9.8,0.9753,"A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.",2020-07-07 02:15:10.613,EPSS/CISA/Metasploit/Nuclei
CVE-2020-15568,9.8,0.96582,"TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.",2021-01-30 05:15:12.493,EPSS/Nuclei
CVE-2020-15867,7.2,0.96604,"The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a ""Product UI does not Warn User of Unsafe Actions"" issue.",2020-10-16 14:15:11.627,EPSS/Metasploit/Nuclei
CVE-2020-15893,9.8,0.00399,An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.,2020-07-22 19:15:12.553,Metasploit
CVE-2020-15895,6.1,0.00187,"An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.",2020-07-22 19:15:12.833,Nuclei
CVE-2020-15920,9.8,0.9725,There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.,2020-07-24 01:15:11.940,EPSS/Metasploit/Nuclei
CVE-2020-15999,6.5,0.02551,Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2020-11-03 03:15:14.853,CISA
CVE-2020-16009,8.8,0.80539,Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2020-11-03 03:15:15.527,CISA
CVE-2020-16010,8.8,0.00322,Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,2020-11-03 03:15:15.603,CISA
CVE-2020-16013,8.8,0.00374,Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-01-08 19:15:12.460,CISA
CVE-2020-16017,9.6,0.00229,Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,2021-01-08 19:15:12.727,CISA
CVE-2020-16040,6.5,0.22134,Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-01-08 19:15:14.083,Metasploit
CVE-2020-16137,9.8,0.11655,"A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information",2020-08-12 21:15:12.000,Metasploit
CVE-2020-16138,7.5,0.0709,"A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information",2020-08-12 21:15:12.063,Metasploit
CVE-2020-16139,7.5,0.07281,"A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information",2020-08-12 21:15:12.140,Metasploit/Nuclei
CVE-2020-16152,9.8,0.83571,The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.,2021-11-14 21:15:07.680,Metasploit
CVE-2020-16205,7.2,0.19502,"Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).",2020-08-14 14:15:12.487,Metasploit
CVE-2020-1631,9.8,0.00529,"A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns ""=*;*&"" or ""*%3b*&"" in /var/log/httpd.log, using the following command: user@device> show log httpd.log | match ""=*;*&|=*%3b*&"" If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz | match ""=*;*&|=*%3b*&"" user@device> show log httpd.log.1.gz | match ""=*;*&|=*%3b*&"" Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2.",2020-05-04 10:15:10.890,CISA
CVE-2020-16846,9.8,0.97343,"An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.",2020-11-06 08:15:13.283,EPSS/CISA/Metasploit/Nuclei
CVE-2020-16875,8.4,0.42179,"<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p>
<p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
",2020-09-11 17:15:17.527,Metasploit
CVE-2020-16952,8.6,0.90937,"<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
",2020-10-16 23:15:16.320,Metasploit/Nuclei
CVE-2020-17087,7.8,0.36533,Windows Kernel Local Elevation of Privilege Vulnerability,2020-11-11 07:15:18.997,CISA
CVE-2020-17132,9.1,0.03432,Microsoft Exchange Remote Code Execution Vulnerability,2020-12-10 00:15:15.387,Metasploit
CVE-2020-17136,7.8,0.00102,Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability,2020-12-10 00:15:15.637,Metasploit
CVE-2020-17144,8.4,0.27838,Microsoft Exchange Remote Code Execution Vulnerability,2020-12-10 00:15:16.120,CISA
CVE-2020-17362,6.1,0.00101,search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.,2020-08-12 22:15:12.593,Nuclei
CVE-2020-17453,6.1,0.00845,WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.,2021-04-05 22:15:12.633,Nuclei
CVE-2020-17456,9.8,0.96253,SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.,2020-08-20 01:17:13.993,EPSS/Nuclei
CVE-2020-17463,9.8,0.93988,"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.",2020-08-13 13:15:17.357,CISA/Nuclei
CVE-2020-17496,9.8,0.97444,vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.,2020-08-12 14:15:13.017,EPSS/CISA/Metasploit/Nuclei
CVE-2020-17505,8.8,0.96098,Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.,2020-08-12 17:15:12.257,EPSS/Metasploit/Nuclei
CVE-2020-17506,9.8,0.95092,Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.,2020-08-12 17:15:12.383,EPSS/Metasploit/Nuclei
CVE-2020-17518,7.5,0.78878,"Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.",2021-01-05 12:15:12.367,Nuclei
CVE-2020-17519,7.5,0.97227,A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.,2021-01-05 12:15:12.680,EPSS/CISA/Metasploit/Nuclei
CVE-2020-17526,7.7,0.11367,"Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.",2020-12-21 17:15:12.507,Nuclei
CVE-2020-17530,9.8,0.97257,"Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.",2020-12-11 02:15:10.883,EPSS/CISA/Metasploit/Nuclei
CVE-2020-18268,6.1,0.00147,"Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the ""redirect"" parameter in the component ""zb_system/cmd.php.""",2021-06-07 19:15:07.553,Nuclei
CVE-2020-19282,6.1,0.00143,A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.,2021-09-09 23:15:09.143,Nuclei
CVE-2020-19283,6.1,0.00143,A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.,2021-09-09 23:15:09.203,Nuclei
CVE-2020-19295,6.1,0.00123,A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.,2021-09-09 23:15:10.083,Nuclei
CVE-2020-19360,7.5,0.04872,"Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.",2021-01-20 01:15:13.207,Nuclei
CVE-2020-1938,9.8,0.97384,"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.",2020-02-24 22:15:12.057,EPSS/CISA/Metasploit/Nuclei
CVE-2020-1943,6.1,0.5358,"Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.",2020-04-01 19:15:14.563,Nuclei
CVE-2020-19515,6.1,0.00113,qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.,2021-09-09 15:15:08.587,Nuclei
CVE-2020-1956,8.8,0.97425,"Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.",2020-05-22 14:15:11.840,EPSS/CISA/Nuclei
CVE-2020-19625,9.8,0.80386,"Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.",2021-03-26 15:15:12.130,Nuclei
CVE-2020-2021,10.0,0.00451,"When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.",2020-06-29 15:15:12.733,CISA
CVE-2020-20285,5.4,0.00182,There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php,2020-12-18 19:15:14.157,Nuclei
CVE-2020-20300,9.8,0.17677,SQL injection vulnerability in the wp_where function in WeiPHP 5.0.,2020-12-18 19:15:14.297,Nuclei
CVE-2020-2036,8.8,0.03113,A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.,2020-09-09 17:15:25.587,Nuclei
CVE-2020-2038,7.2,0.91099,An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.,2020-09-09 17:15:25.760,Metasploit
CVE-2020-2096,6.1,0.96965,"Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.",2020-01-15 16:15:14.853,EPSS/Nuclei
CVE-2020-20982,9.6,0.02096,"Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.",2021-11-03 17:15:07.977,Nuclei
CVE-2020-20988,5.4,0.0009,"A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the ""or Expiring Between"" parameter.",2021-08-12 22:15:07.480,Nuclei
CVE-2020-21012,9.8,0.06596,"Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.",2021-10-01 19:15:06.820,Nuclei
CVE-2020-2103,5.4,0.00527,"Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.",2020-01-29 16:15:12.380,Nuclei
CVE-2020-21224,9.8,0.05094,A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server,2021-02-22 15:15:12.240,Nuclei
CVE-2020-2140,6.1,0.00181,"Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.",2020-03-09 16:15:13.157,Nuclei
CVE-2020-22208,9.8,0.1772,SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.,2021-06-16 18:15:07.770,Nuclei
CVE-2020-22209,9.8,0.1772,SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.,2021-06-16 18:15:07.800,Nuclei
CVE-2020-22210,9.8,0.1772,SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.,2021-06-16 18:15:07.830,Nuclei
CVE-2020-22211,9.8,0.1772,SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.,2021-06-16 18:15:07.860,Nuclei
CVE-2020-22840,6.1,0.00955,Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.,2021-02-09 14:15:14.903,Nuclei
CVE-2020-23015,6.1,0.00179,"An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter ""url"" in login page was not filtered and can redirect user to any website.",2021-05-03 22:15:08.533,Nuclei
CVE-2020-23517,6.1,0.00135,"Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.",2021-03-26 03:16:40.053,Nuclei
CVE-2020-23575,7.5,0.01818,A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.,2021-05-10 23:15:07.350,Nuclei
CVE-2020-23697,5.4,0.0009,Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page feature in admin/index.php.,2021-07-06 21:15:07.930,Nuclei
CVE-2020-23972,7.5,0.59528,"In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.",2020-08-27 14:15:09.837,Nuclei
CVE-2020-24148,9.1,0.1917,Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.,2021-07-07 14:15:09.853,Nuclei
CVE-2020-24186,10.0,0.97491,"A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.",2020-08-24 14:15:12.143,EPSS/Metasploit/Nuclei
CVE-2020-24223,6.1,0.01247,Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.,2020-08-30 18:15:10.753,Nuclei
CVE-2020-24312,7.5,0.01622,"mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.",2020-08-26 13:15:10.860,Nuclei
CVE-2020-24391,9.8,0.54233,mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.,2021-03-30 21:15:13.890,Nuclei
CVE-2020-24550,6.1,0.00144,"An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.",2021-03-31 22:15:14.307,Nuclei
CVE-2020-24557,7.8,0.00062,"A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.",2020-09-01 19:15:11.870,CISA
CVE-2020-24571,7.5,0.09103,NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.,2020-08-21 04:15:10.693,Nuclei
CVE-2020-24579,8.8,0.04702,An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.,2020-12-22 19:15:13.253,Nuclei
CVE-2020-24589,9.1,0.64778,The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.,2020-08-21 20:15:10.967,Nuclei
CVE-2020-24701,6.1,0.00816,OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).,2021-01-12 08:15:13.463,Nuclei
CVE-2020-24902,6.1,0.00195,"Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",2021-01-07 13:15:11.420,Nuclei
CVE-2020-24903,6.1,0.00269,"Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.",2021-01-07 13:15:11.513,Nuclei
CVE-2020-24912,6.1,0.00346,A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.,2021-03-04 13:15:14.957,Nuclei
CVE-2020-24949,8.8,0.93902,Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).,2020-09-03 14:15:10.713,Nuclei
CVE-2020-25042,7.2,0.68902,"An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.",2020-09-03 15:15:11.677,Metasploit
CVE-2020-2506,9.8,0.00732,"The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.",2021-02-03 16:15:13.807,CISA
CVE-2020-25078,7.5,0.82526,An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.,2020-09-02 16:15:12.627,Nuclei
CVE-2020-2509,9.8,0.00246,"A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later",2021-04-17 04:15:11.327,CISA
CVE-2020-25213,9.8,0.97393,"The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.",2020-09-09 16:15:12.127,EPSS/CISA/Metasploit/Nuclei
CVE-2020-25223,9.8,0.97521,"A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11",2020-09-25 04:23:04.857,EPSS/CISA/Metasploit/Nuclei
CVE-2020-25495,6.1,0.0025,A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.,2020-12-18 15:15:12.453,Nuclei
CVE-2020-25506,9.8,0.97403,"D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.",2021-02-02 13:15:12.570,EPSS/CISA/Nuclei
CVE-2020-2551,9.8,0.97537,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-01-15 17:15:17.190,EPSS/CISA/Nuclei
CVE-2020-25540,7.5,0.96063,ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.,2020-09-14 13:15:10.220,EPSS/Nuclei
CVE-2020-2555,9.8,0.96748,"Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-01-15 17:15:17.347,EPSS/CISA/Metasploit
CVE-2020-25592,9.8,0.40421,"In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.",2020-11-06 08:15:13.503,Metasploit
CVE-2020-25736,7.8,0.00053,Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.,2021-07-15 15:15:08.270,Metasploit
CVE-2020-25780,7.5,0.0562,"In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.",2020-10-29 17:15:12.840,Nuclei
CVE-2020-25864,6.1,0.00324,"HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.",2021-04-20 16:15:10.193,Nuclei
CVE-2020-26124,8.8,0.6583,"openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.",2020-10-02 09:15:13.900,Metasploit
CVE-2020-26153,6.1,0.00141,A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.,2021-07-13 11:15:08.843,Nuclei
CVE-2020-26214,9.8,0.01324,"In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonymous authorization are affected. A fix has been implemented in version 8.1.0 that returns HTTP 401 Unauthorized response for any authentication attempts where the password field is empty. As a workaround LDAP administrators can disallow unauthenticated bind requests by clients.",2020-11-06 18:15:12.437,Nuclei
CVE-2020-26217,8.8,0.97384,XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.,2020-11-16 21:15:12.893,EPSS/Nuclei
CVE-2020-26248,8.2,0.01888,"In the PrestaShop module ""productcomments"" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.",2020-12-03 21:15:11.227,Nuclei
CVE-2020-26258,7.7,0.90088,"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",2020-12-16 01:15:12.333,Nuclei
CVE-2020-26413,5.3,0.78637,An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.,2020-12-11 04:15:11.547,Nuclei
CVE-2020-26876,7.5,0.08867,"The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist).",2020-10-07 17:15:15.863,Nuclei
CVE-2020-26919,9.8,0.97211,NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.,2020-10-09 07:15:17.607,EPSS/CISA/Nuclei
CVE-2020-26948,9.8,0.1449,Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.,2020-10-10 21:15:12.017,Nuclei
CVE-2020-26950,8.8,0.92391,"In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.",2020-12-09 01:15:12.503,Metasploit
CVE-2020-27191,7.5,0.02958,"LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",2020-11-16 16:15:14.837,Nuclei
CVE-2020-2733,9.8,0.19944,"Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-04-15 14:15:22.843,Nuclei
CVE-2020-27361,7.5,0.01806,An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.,2021-07-01 16:15:08.560,Nuclei
CVE-2020-27386,8.8,0.24254,"An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.",2020-11-12 19:15:15.207,Metasploit
CVE-2020-27387,8.8,0.08325,"An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.",2020-11-05 02:15:12.067,Metasploit
CVE-2020-27467,7.5,0.00856,A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.,2022-02-24 15:15:21.430,Nuclei
CVE-2020-27481,9.8,0.11692,"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of ""wp_ajax_nopriv"" call in WordPress, which allows any unauthenticated user to get access to the function ""gdlr_lms_cancel_booking"" where POST Parameter ""id"" was sent straight into SQL query without sanitization.",2020-11-12 14:15:23.080,Nuclei
CVE-2020-27615,9.8,0.00612,"The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.",2020-10-21 21:15:13.113,Metasploit
CVE-2020-27735,6.1,0.00228,"An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.",2021-01-26 18:15:46.457,Nuclei
CVE-2020-27838,6.5,0.11662,A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.,2021-03-08 22:15:13.423,Nuclei
CVE-2020-27866,8.8,0.0045,"This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11355.",2021-02-12 00:15:12.877,Nuclei
CVE-2020-27930,7.8,0.00192,"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.",2020-12-08 21:15:13.827,CISA
CVE-2020-27932,7.8,0.00192,"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.",2020-12-08 21:15:13.903,CISA
CVE-2020-27950,5.5,0.00778,"A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.",2020-12-08 21:15:13.967,CISA
CVE-2020-27955,9.8,0.95126,Git LFS 2.12.0 allows Remote Code Execution.,2020-11-05 15:15:36.877,EPSS/Metasploit
CVE-2020-27982,6.1,0.00252,IceWarp 11.4.5.0 allows XSS via the language parameter.,2020-11-02 21:15:29.960,Nuclei
CVE-2020-27986,7.5,0.3688,"SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is ""it is the administrator's responsibility to configure it.",2020-10-28 23:15:12.410,Nuclei
CVE-2020-28185,5.3,0.00659,User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.,2020-12-24 15:15:13.170,Nuclei
CVE-2020-28188,9.8,0.97298,Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.,2020-12-24 15:15:13.343,EPSS/Metasploit/Nuclei
CVE-2020-28208,5.3,0.01197,An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.,2021-01-08 18:15:13.450,Nuclei
CVE-2020-28328,8.8,0.07812,"SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.",2020-11-06 19:15:14.143,Metasploit
CVE-2020-28347,9.8,0.04891,tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.,2020-11-08 20:15:11.793,Metasploit
CVE-2020-28351,6.1,0.00359,The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.,2020-11-09 04:15:12.207,Nuclei
CVE-2020-28653,9.8,0.63712,Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.,2021-02-03 16:15:13.557,Metasploit
CVE-2020-2883,9.8,0.97476,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-04-15 14:15:33.513,EPSS/Metasploit
CVE-2020-28871,9.8,0.96831,Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.,2021-02-10 01:15:14.627,EPSS/Metasploit/Nuclei
CVE-2020-28949,7.8,0.96124,"Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.",2020-11-19 19:15:11.937,EPSS/CISA/Metasploit
CVE-2020-28976,5.3,0.00616,The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.,2020-11-30 14:15:11.160,Nuclei
CVE-2020-29164,6.1,0.00205,PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).,2021-02-03 13:15:13.107,Nuclei
CVE-2020-29227,9.8,0.01244,"An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the ""page"" parameter, to cause local file inclusion resulting in code execution.",2020-12-14 14:15:10.713,Nuclei
CVE-2020-29284,9.8,0.14147,The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.,2020-12-02 22:15:10.617,Nuclei
CVE-2020-29390,9.8,0.95623,Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.,2020-11-30 18:15:11.610,EPSS
CVE-2020-29395,6.1,0.03946,The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.,2020-11-30 20:15:11.807,Nuclei
CVE-2020-29453,5.3,0.02478,"The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.",2021-02-22 21:15:19.553,Nuclei
CVE-2020-29557,9.8,0.0633,An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.,2021-01-29 20:15:12.933,CISA
CVE-2020-29583,9.8,0.96229,Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.,2020-12-22 22:15:14.443,EPSS/CISA/Nuclei
CVE-2020-29597,9.8,0.88277,IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.,2020-12-07 20:15:12.697,Nuclei
CVE-2020-3118,8.8,0.00219,"A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",2020-02-05 18:15:10.907,CISA
CVE-2020-3153,6.5,0.00083,"A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.",2020-02-19 20:15:15.113,CISA/Metasploit
CVE-2020-3161,9.8,0.0219,"A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.",2020-04-15 20:15:15.097,CISA
CVE-2020-3187,9.1,0.97297,"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system.",2020-05-06 17:15:12.087,EPSS/Nuclei
CVE-2020-3243,9.8,0.96756,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-04-15 21:15:35.527,EPSS/Metasploit
CVE-2020-3250,9.8,0.96756,"Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-04-15 21:15:35.777,EPSS/Metasploit
CVE-2020-3259,7.5,0.02709,"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",2020-05-06 17:15:12.777,CISA
CVE-2020-3433,7.8,0.00077,"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.",2020-08-17 18:15:12.947,CISA/Metasploit
CVE-2020-3452,7.5,0.97435,"A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.",2020-07-22 20:15:11.970,EPSS/CISA/Nuclei
CVE-2020-35234,7.5,0.36584,"The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.",2020-12-14 03:15:13.247,Metasploit/Nuclei
CVE-2020-35338,9.8,0.2493,"The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of ""pokon.""",2020-12-14 18:15:13.777,Nuclei
CVE-2020-35476,9.8,0.96214,A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.),2020-12-16 08:15:13.560,EPSS/Metasploit/Nuclei
CVE-2020-35489,10.0,0.81728,The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.,2020-12-17 19:15:14.353,Nuclei
CVE-2020-35580,7.5,0.01833,"A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.",2021-05-20 16:15:07.893,Nuclei
CVE-2020-35598,7.5,0.15793,ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623,2020-12-23 19:15:13.507,Nuclei
CVE-2020-3566,7.5,0.00326,"A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.",2020-08-29 16:15:09.797,CISA
CVE-2020-35665,9.8,0.90585,An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.,2020-12-23 20:15:12.880,Metasploit
CVE-2020-3569,7.5,0.00326,"Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.",2020-09-23 01:15:15.503,CISA
CVE-2020-35713,9.8,0.96521,Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.,2020-12-26 01:15:12.260,EPSS/Nuclei
CVE-2020-35729,9.8,0.95235,KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.,2020-12-27 05:15:11.683,EPSS/Metasploit/Nuclei
CVE-2020-35730,6.1,0.00533,"An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.",2020-12-28 20:15:13.150,CISA
CVE-2020-35736,7.5,0.01699,GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.,2020-12-27 20:15:12.400,Nuclei
CVE-2020-35749,7.7,0.04646,Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.,2021-01-15 17:15:13.070,Nuclei
CVE-2020-35774,5.4,0.97204,"server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.",2020-12-29 18:15:13.057,EPSS/Nuclei
CVE-2020-3580,6.1,0.97074,"Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.",2020-10-21 19:15:18.607,EPSS/CISA/Nuclei
CVE-2020-35846,9.8,0.85876,Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.,2020-12-30 01:15:12.497,Metasploit/Nuclei
CVE-2020-35847,9.8,0.79895,Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.,2020-12-30 01:15:12.543,Metasploit/Nuclei
CVE-2020-35848,9.8,0.81795,Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.,2020-12-30 01:15:12.607,Nuclei
CVE-2020-35951,9.9,0.00174,"An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).",2021-01-01 04:15:13.667,Nuclei
CVE-2020-35984,5.4,0.00127,A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.,2021-07-09 22:15:08.180,Nuclei
CVE-2020-35985,5.4,0.00127,"A stored cross site scripting (XSS) vulnerability in the 'Global Lists"" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.",2021-07-09 22:15:08.213,Nuclei
CVE-2020-35986,5.4,0.00127,A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.,2021-07-09 22:15:08.250,Nuclei
CVE-2020-35987,5.4,0.00127,A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.,2021-07-09 22:15:08.283,Nuclei
CVE-2020-36112,9.8,0.40486,"CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.",2021-01-04 15:15:16.043,Nuclei
CVE-2020-36193,7.5,0.92368,"Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.",2021-01-18 20:15:12.667,CISA
CVE-2020-36289,5.3,0.96971,"Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.",2021-05-12 04:15:07.267,EPSS/Nuclei
CVE-2020-36365,6.1,0.00259,"Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.",2021-05-19 19:15:08.307,Nuclei
CVE-2020-36510,6.1,0.00106,"The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting",2022-02-28 09:15:07.193,Nuclei
CVE-2020-3837,7.8,0.00134,"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.",2020-02-27 21:15:16.630,CISA
CVE-2020-3950,7.8,0.00438,"VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.",2020-03-17 19:15:12.050,CISA/Metasploit
CVE-2020-3952,9.8,0.74486,"Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.",2020-04-10 14:15:12.000,CISA
CVE-2020-3992,9.8,0.35629,"OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.",2020-10-20 17:15:12.810,CISA
CVE-2020-4006,9.1,0.47822,"VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.",2020-11-23 22:15:12.663,CISA
CVE-2020-4427,9.8,0.02468,"IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.",2020-05-07 20:15:12.627,CISA
CVE-2020-4428,9.1,0.00544,"IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.",2020-05-07 20:15:12.673,CISA/Metasploit
CVE-2020-4430,4.3,0.96062,"IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.",2020-05-07 20:15:12.783,EPSS/CISA
CVE-2020-4463,8.2,0.72731,IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.,2020-07-29 14:15:13.020,Nuclei
CVE-2020-5135,9.8,0.02374,"A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.",2020-10-12 11:15:12.747,CISA
CVE-2020-5191,6.1,0.00345,PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.,2020-01-06 01:15:10.840,Nuclei
CVE-2020-5192,8.8,0.38401,"PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.",2020-01-06 01:15:10.917,Nuclei
CVE-2020-5284,4.3,0.00213,"Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.",2020-03-30 22:15:15.400,Nuclei
CVE-2020-5307,9.8,0.02189,"PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.",2020-01-07 19:15:11.167,Nuclei
CVE-2020-5405,6.5,0.00366,"Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.",2020-03-05 19:15:11.700,Nuclei
CVE-2020-5410,7.5,0.97211,"Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.",2020-06-02 17:15:11.690,EPSS/CISA/Metasploit/Nuclei
CVE-2020-5412,6.5,0.05499,"Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.",2020-08-07 21:15:10.630,Nuclei
CVE-2020-5722,9.8,0.97474,The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.,2020-03-23 20:15:12.043,EPSS/CISA/Metasploit
CVE-2020-5723,9.8,0.00659,The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges.,2020-03-30 20:15:19.883,Metasploit
CVE-2020-5724,7.5,0.00254,The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.,2020-03-30 20:15:20.087,Metasploit
CVE-2020-5735,8.8,0.02271,Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.,2020-04-08 13:15:13.003,CISA
CVE-2020-5741,7.2,0.71944,"Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.",2020-05-08 13:15:11.137,CISA/Metasploit
CVE-2020-5752,7.8,0.00101,"Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.",2020-05-21 15:15:09.827,Metasploit
CVE-2020-5775,5.8,0.00194,"Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.",2020-08-21 18:15:11.847,Nuclei
CVE-2020-5776,8.8,0.35034,"Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.",2020-09-01 21:15:12.583,Nuclei
CVE-2020-5777,9.8,0.05608,"MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a ""Too many connections"" error, then use default magmi:magmi basic authentication to remotely bypass authentication.",2020-09-01 21:15:12.660,Nuclei
CVE-2020-5847,9.8,0.97071,Unraid through 6.8.0 allows Remote Code Execution.,2020-03-16 18:15:12.713,EPSS/CISA/Metasploit/Nuclei
CVE-2020-5849,7.5,0.97109,Unraid 6.8.0 allows authentication bypass.,2020-03-16 18:15:12.790,EPSS/CISA/Metasploit
CVE-2020-5902,9.8,0.97563,"In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.",2020-07-01 15:15:15.360,EPSS/CISA/Metasploit/Nuclei
CVE-2020-6010,8.8,0.11829,LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection,2020-04-30 15:15:12.240,Metasploit
CVE-2020-6171,6.1,0.00135,A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.,2020-04-07 13:15:13.917,Nuclei
CVE-2020-6207,9.8,0.97439,"SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.",2020-03-10 21:15:14.793,EPSS/CISA/Nuclei
CVE-2020-6287,10.0,0.97506,"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.",2020-07-14 13:15:13.000,EPSS/CISA/Metasploit/Nuclei
CVE-2020-6308,5.3,0.00568,"SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.",2020-10-20 14:15:14.133,Nuclei
CVE-2020-6418,8.8,0.97146,Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2020-02-27 23:15:12.623,EPSS/CISA/Metasploit
CVE-2020-6572,8.8,0.0051,Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.,2021-01-14 21:15:13.693,CISA
CVE-2020-6637,9.8,0.02428,openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.,2020-08-24 19:15:10.620,Nuclei
CVE-2020-6819,8.1,0.03374,"Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",2020-04-24 16:15:13.370,CISA
CVE-2020-6820,8.1,0.00891,"Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",2020-04-24 16:15:13.463,CISA
CVE-2020-6950,6.5,0.03924,Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.,2021-06-02 16:15:08.357,Nuclei
CVE-2020-7107,6.1,0.00395,The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.,2020-01-16 05:15:11.843,Nuclei
CVE-2020-7136,9.8,0.26248,A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP).,2020-04-30 20:15:12.590,Nuclei
CVE-2020-7200,9.8,0.69529,A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.,2020-12-18 23:15:13.353,Metasploit
CVE-2020-7209,9.8,0.97227,LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.,2020-02-13 00:15:11.777,EPSS/Metasploit/Nuclei
CVE-2020-7246,8.8,0.96982,"A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.",2020-01-21 14:15:13.733,EPSS/Metasploit
CVE-2020-7247,9.8,0.97495,"smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the ""uncommented"" default configuration. The issue exists because of an incorrect return value upon failure of input validation.",2020-01-29 16:15:12.897,EPSS/CISA/Metasploit
CVE-2020-7318,4.3,0.00065,Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.,2020-10-14 19:15:14.260,Nuclei
CVE-2020-7350,7.8,0.008,"Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.",2020-04-22 22:15:12.450,Metasploit
CVE-2020-7351,8.8,0.91812,"An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the ""asterisk"" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.",2020-05-01 16:15:12.840,Metasploit
CVE-2020-7352,8.8,0.00135,"The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software.",2020-08-06 16:15:13.373,Metasploit
CVE-2020-7356,9.8,0.03168,CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.,2020-08-06 16:15:13.577,Metasploit
CVE-2020-7357,9.9,0.95856,"Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.",2020-08-06 16:15:13.670,EPSS/Metasploit
CVE-2020-7361,8.8,0.00741,"The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an elevated SYSTEM context on the underlying Windows operating system.",2020-08-06 16:15:13.750,Metasploit
CVE-2020-7384,7.8,0.00589,Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.,2020-10-29 15:15:12.500,Metasploit
CVE-2020-7387,5.3,0.00105,"Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.",2021-07-22 19:15:08.373,Metasploit
CVE-2020-7388,9.8,0.19597,"Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by exploiting CVE-2020-7387. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 including Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.",2021-07-22 19:15:08.450,Metasploit
CVE-2020-7457,8.1,0.34644,"In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.",2020-07-09 14:15:10.917,Metasploit
CVE-2020-7796,9.8,0.74041,Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.,2020-02-18 22:15:10.013,Nuclei
CVE-2020-7943,7.5,0.07321,"Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13",2020-03-11 23:15:11.980,Nuclei
CVE-2020-7961,9.8,0.97467,Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).,2020-03-20 19:15:12.737,EPSS/CISA/Metasploit/Nuclei
CVE-2020-7980,9.8,0.96876,Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.,2020-01-25 19:15:12.667,EPSS/Nuclei
CVE-2020-8010,9.8,0.07135,"CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.",2020-02-18 04:15:14.587,Metasploit
CVE-2020-8012,9.8,0.53405,"CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.",2020-02-18 04:15:14.710,Metasploit
CVE-2020-8115,6.1,0.0187,"A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.",2020-02-04 20:15:13.213,Nuclei
CVE-2020-8163,8.8,0.96535,The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.,2020-07-02 19:15:12.433,EPSS/Nuclei
CVE-2020-8191,6.1,0.0021,"Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).",2020-07-10 16:15:12.077,Nuclei
CVE-2020-8193,6.5,0.97463,"Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.",2020-07-10 16:15:12.157,EPSS/CISA/Nuclei
CVE-2020-8194,6.5,0.97364,"Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.",2020-07-10 16:15:12.247,EPSS/Nuclei
CVE-2020-8195,6.5,0.89151,"Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",2020-07-10 16:15:12.327,CISA
CVE-2020-8196,4.3,0.00337,"Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",2020-07-10 16:15:12.407,CISA
CVE-2020-8209,7.5,0.96834,"Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.",2020-08-17 16:15:13.343,EPSS/Nuclei
CVE-2020-8218,7.2,0.02583,A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.,2020-07-30 13:15:11.847,CISA
CVE-2020-8243,7.2,0.00486,A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.,2020-09-30 18:15:29.070,CISA
CVE-2020-8260,7.2,0.02524,A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.,2020-10-28 13:15:13.027,CISA/Metasploit
CVE-2020-8467,8.8,0.02721,A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.,2020-03-18 01:15:11.927,CISA
CVE-2020-8468,8.8,0.00452,"Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.",2020-03-18 01:15:12.003,CISA
CVE-2020-8497,5.3,0.002,"In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.",2020-03-23 15:15:14.830,Nuclei
CVE-2020-8512,6.1,0.00692,"In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.",2020-02-01 00:15:10.773,Nuclei
CVE-2020-8515,9.8,0.97079,"DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.",2020-02-01 13:15:12.623,EPSS/CISA/Nuclei
CVE-2020-8518,9.8,0.96492,"Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.",2020-02-17 15:15:11.853,EPSS/Metasploit
CVE-2020-8539,7.8,0.00122,"Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.",2020-12-01 18:15:12.323,Metasploit
CVE-2020-8599,9.8,0.17464,Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.,2020-03-18 01:15:12.223,CISA
CVE-2020-8604,7.5,0.97229,A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.,2020-05-27 23:15:11.227,EPSS/Metasploit
CVE-2020-8605,8.8,0.96244,A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.,2020-05-27 23:15:11.290,EPSS/Metasploit
CVE-2020-8606,9.8,0.97231,A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.,2020-05-27 23:15:11.367,EPSS/Metasploit
CVE-2020-8615,6.5,0.00867,A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).,2020-02-04 20:15:14.933,Nuclei
CVE-2020-8617,5.9,0.97298,"Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",2020-05-19 14:15:11.987,EPSS/Metasploit
CVE-2020-8641,8.8,0.0071,Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.,2020-02-05 21:15:11.937,Nuclei
CVE-2020-8644,9.8,0.95796,PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.,2020-02-05 22:15:11.003,EPSS/CISA/Metasploit/Nuclei
CVE-2020-8654,8.8,0.04397,An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.,2020-02-07 00:15:09.520,Metasploit/Nuclei
CVE-2020-8655,7.8,0.0052,"An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.",2020-02-07 00:15:09.613,CISA/Metasploit
CVE-2020-8656,9.8,0.0724,"An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.",2020-02-07 00:15:09.723,Metasploit
CVE-2020-8657,9.8,0.18236,"An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.",2020-02-06 18:15:13.963,CISA/Metasploit
CVE-2020-8771,9.8,0.0988,The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.,2020-02-06 17:15:14.927,Nuclei
CVE-2020-8772,9.8,0.9677,The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.,2020-02-06 17:15:15.007,EPSS/Nuclei
CVE-2020-8794,9.8,0.94016,"OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.",2020-02-25 17:15:13.197,Metasploit
CVE-2020-8813,8.8,0.92063,"graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.",2020-02-22 02:15:10.553,Nuclei
CVE-2020-8816,7.2,0.95409,Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.,2020-05-29 19:15:10.983,EPSS/CISA/Metasploit
CVE-2020-8956,3.3,0.00119,Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.,2020-10-27 05:15:13.363,Metasploit
CVE-2020-8982,7.5,0.80302,"An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983.",2020-05-07 14:15:12.010,Nuclei
CVE-2020-9015,9.8,0.05742,"Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands",2020-02-20 22:15:12.177,Metasploit
CVE-2020-9036,6.1,0.00113,Jeedom through 4.0.38 allows XSS.,2020-08-05 22:15:12.403,Nuclei
CVE-2020-9043,8.8,0.03768,The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.,2020-02-17 17:15:15.030,Nuclei
CVE-2020-9047,7.2,0.01335,A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.,2020-06-26 19:15:10.453,Nuclei
CVE-2020-9054,9.8,0.96772,"Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2",2020-03-04 20:15:10.750,EPSS/CISA/Nuclei
CVE-2020-9294,9.8,0.02819,"An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.",2020-04-27 17:15:13.593,Metasploit
CVE-2020-9315,7.5,0.97292,"** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.",2020-05-10 23:15:10.983,EPSS/Nuclei
CVE-2020-9344,6.1,0.00205,Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.,2020-03-20 03:15:13.763,Nuclei
CVE-2020-9376,7.5,0.96966,D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer,2020-07-09 13:15:10.590,EPSS/Nuclei
CVE-2020-9377,8.8,0.9711,D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer,2020-07-09 13:15:10.653,EPSS/CISA
CVE-2020-9402,8.8,0.14117,"Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.",2020-03-05 15:15:12.410,Nuclei
CVE-2020-9425,7.5,0.01449,"An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.",2020-03-20 18:15:14.107,Nuclei
CVE-2020-9465,9.8,0.00164,"An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.",2020-02-28 20:15:11.787,Metasploit
CVE-2020-9483,7.5,0.05074,"**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.",2020-06-30 15:15:10.320,Nuclei
CVE-2020-9484,7.0,0.92247,"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=""null"" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.",2020-05-20 19:15:09.257,Nuclei
CVE-2020-9496,6.1,0.90706,XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03,2020-07-15 16:15:11.660,Metasploit/Nuclei
CVE-2020-9757,9.8,0.96235,The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.,2020-03-04 17:15:12.157,EPSS/Nuclei
CVE-2020-9801,5.3,0.21346,A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.,2020-06-09 17:15:12.097,Metasploit
CVE-2020-9818,8.8,0.03937,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.",2020-06-09 17:15:13.317,CISA
CVE-2020-9819,4.3,0.00585,"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.",2020-06-09 17:15:13.377,CISA
CVE-2020-9839,7.0,0.00191,"A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.",2020-06-09 17:15:14.643,Metasploit
CVE-2020-9850,9.8,0.48232,"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.",2020-06-09 17:15:15.143,Metasploit
CVE-2020-9856,5.3,0.21293,This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.,2020-06-09 17:15:15.410,Metasploit
CVE-2020-9859,7.8,0.0007,"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.",2020-06-05 15:15:11.097,CISA
CVE-2020-9907,7.8,0.00188,"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.",2020-10-16 17:15:16.590,CISA
CVE-2020-9934,5.5,0.00106,"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.",2020-10-16 17:15:17.637,CISA/Metasploit
CVE-2021-0920,6.4,0.00064,"In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel",2021-12-15 19:15:11.017,CISA
CVE-2021-1048,7.8,0.00064,"In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel",2021-12-15 19:15:14.917,CISA
CVE-2021-1472,9.8,0.97174,"Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2021-04-08 04:15:13.687,EPSS/Metasploit/Nuclei
CVE-2021-1473,9.8,0.76615,"Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2021-04-08 04:15:13.780,Metasploit
CVE-2021-1497,9.8,0.97537,"Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2021-05-06 13:15:10.500,EPSS/CISA/Metasploit/Nuclei
CVE-2021-1498,9.8,0.97537,"Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2021-05-06 13:15:10.537,EPSS/CISA/Metasploit/Nuclei
CVE-2021-1499,5.3,0.96279,"A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.",2021-05-06 13:15:10.567,EPSS/Metasploit/Nuclei
CVE-2021-1647,7.8,0.09248,Microsoft Defender Remote Code Execution Vulnerability,2021-01-12 20:15:30.727,CISA
CVE-2021-1675,7.8,0.96568,Windows Print Spooler Remote Code Execution Vulnerability,2021-06-08 23:15:08.267,EPSS/CISA/Metasploit
CVE-2021-1732,7.8,0.00296,Windows Win32k Elevation of Privilege Vulnerability,2021-02-25 23:15:13.930,CISA/Metasploit
CVE-2021-1782,7.0,0.00133,"A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..",2021-04-02 18:15:21.373,CISA
CVE-2021-1789,8.8,0.00821,"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.",2021-04-02 18:15:21.747,CISA
CVE-2021-1870,9.8,0.01385,"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",2021-04-02 19:15:20.567,CISA
CVE-2021-1871,9.8,0.01293,"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",2021-04-02 19:15:20.663,CISA
CVE-2021-1879,6.1,0.00228,"This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..",2021-04-02 19:15:20.770,CISA
CVE-2021-1905,7.8,0.00078,"Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",2021-05-07 09:15:08.243,CISA
CVE-2021-1906,5.5,0.002,"Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",2021-05-07 09:15:08.280,CISA
CVE-2021-20016,9.8,0.02628,A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.,2021-02-04 06:15:13.817,CISA
CVE-2021-20021,9.8,0.0101,A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.,2021-04-09 18:15:13.380,CISA
CVE-2021-20022,7.2,0.00333,SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.,2021-04-09 18:15:13.460,CISA
CVE-2021-20023,4.9,0.9256,SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.,2021-04-20 12:15:12.587,CISA
CVE-2021-20028,9.8,0.02391,"Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier",2021-08-04 19:15:08.247,CISA
CVE-2021-20031,6.1,0.01452,A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.,2021-10-12 23:15:07.727,Nuclei
CVE-2021-20038,9.8,0.94172,"A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.",2021-12-08 10:15:07.750,CISA/Nuclei
CVE-2021-20039,8.8,0.68924,"Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.",2021-12-08 10:15:07.903,Metasploit
CVE-2021-20090,9.8,0.97465,A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.,2021-04-29 15:15:10.630,EPSS/CISA/Nuclei
CVE-2021-20091,8.8,0.00928,"The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.",2021-04-29 15:15:10.660,Nuclei
CVE-2021-20092,7.5,0.01352,The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.,2021-04-29 15:15:10.693,Nuclei
CVE-2021-20114,7.5,0.00959,"When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.",2021-07-30 14:15:14.370,Nuclei
CVE-2021-20123,7.5,0.01538,A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.,2021-10-13 16:15:07.350,Nuclei
CVE-2021-20124,7.5,0.00961,A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.,2021-10-13 16:15:07.397,Nuclei
CVE-2021-20137,6.1,0.23391,"A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.",2021-12-09 16:15:07.753,Nuclei
CVE-2021-20150,5.3,0.1772,Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.,2021-12-30 22:15:08.623,Nuclei
CVE-2021-20158,9.8,0.01211,"Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.",2021-12-30 22:15:08.990,Nuclei
CVE-2021-20167,8.0,0.94822,Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.,2021-12-30 22:15:09.457,Nuclei
CVE-2021-20323,6.1,0.00311,A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.,2022-03-25 19:15:08.560,Nuclei
CVE-2021-20792,6.1,0.00222,Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors.,2021-08-18 06:15:07.517,Nuclei
CVE-2021-20837,9.8,0.97022,"Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.",2021-10-26 06:15:06.987,EPSS/Nuclei
CVE-2021-21017,8.8,0.65226,"Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",2021-02-11 20:15:13.997,CISA
CVE-2021-21087,5.4,0.00219,"Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.",2021-04-15 14:15:16.077,Nuclei
CVE-2021-2109,7.2,0.95233,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",2021-01-20 15:15:52.753,EPSS
CVE-2021-21148,8.8,0.01617,Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-02-09 16:15:12.390,CISA
CVE-2021-21166,8.8,0.03166,Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-03-09 18:15:16.297,CISA
CVE-2021-21193,8.8,0.0117,Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-03-16 15:15:13.157,CISA
CVE-2021-21206,8.8,0.07822,Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-04-26 17:15:08.213,CISA
CVE-2021-21220,8.8,0.97018,Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-04-26 17:15:08.593,EPSS/CISA/Metasploit
CVE-2021-21224,8.8,0.63798,Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.,2021-04-26 17:15:08.703,CISA
CVE-2021-21234,7.7,0.96445,"spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package ""eu.hinsch:spring-boot-actuator-logview"". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.",2021-01-05 18:15:16.443,EPSS/Nuclei
CVE-2021-21287,7.7,0.97257,"MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform post requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z, all users are advised to upgrade. As a workaround you can disable the browser front-end with ""MINIO_BROWSER=off"" environment variable.",2021-02-01 18:15:13.890,EPSS/Nuclei
CVE-2021-21300,7.5,0.8854,"Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.",2021-03-09 20:15:13.260,Metasploit
CVE-2021-21307,9.8,0.97301,"Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.",2021-02-11 19:15:13.313,EPSS/Metasploit/Nuclei
CVE-2021-21311,7.2,0.02092,Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.,2021-02-11 21:15:13.820,Nuclei
CVE-2021-21315,7.8,0.97254,"The System Information Library for Node.JS (npm package ""systeminformation"") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.",2021-02-16 17:15:13.050,EPSS/CISA/Nuclei
CVE-2021-21345,9.9,0.26258,"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",2021-03-23 00:15:12.787,Nuclei
CVE-2021-21351,9.1,0.53064,"XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",2021-03-23 00:15:13.367,Nuclei
CVE-2021-21389,8.8,0.83143,"BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.",2021-03-26 21:15:13.520,Nuclei
CVE-2021-21402,6.5,0.26309,"Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible.",2021-03-23 20:15:13.120,Nuclei
CVE-2021-21425,9.8,0.74429,"Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.",2021-04-07 19:15:12.190,Metasploit
CVE-2021-21479,9.1,0.00396,"In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.",2021-02-09 21:15:13.863,Nuclei
CVE-2021-21551,7.8,0.00301,"Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

",2021-05-04 16:15:07.867,CISA/Metasploit
CVE-2021-21745,4.3,0.20512,"ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.",2021-10-20 16:15:08.203,Nuclei
CVE-2021-21799,6.1,0.80818,"Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.",2021-07-16 11:15:09.613,Nuclei
CVE-2021-21800,6.1,0.80818,"Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.",2021-07-16 11:15:09.723,Nuclei
CVE-2021-21801,6.1,0.80818,"This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.",2021-07-16 11:15:09.753,Nuclei
CVE-2021-21802,6.1,0.80818,"This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.",2021-07-16 11:15:09.790,Nuclei
CVE-2021-21803,6.1,0.80818,"This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.",2021-07-16 11:15:09.833,Nuclei
CVE-2021-21805,9.8,0.97092,An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.,2021-08-05 21:15:10.683,EPSS/Nuclei
CVE-2021-21809,9.1,0.02811,A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.,2021-06-23 22:15:08.407,Metasploit
CVE-2021-21816,4.3,0.00346,An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.,2021-07-16 11:15:09.900,Nuclei
CVE-2021-21881,9.9,0.97069,An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.,2021-12-22 19:15:09.040,EPSS/Nuclei
CVE-2021-21972,9.8,0.9733,"The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).",2021-02-24 17:15:15.833,EPSS/CISA/Metasploit/Nuclei
CVE-2021-21973,5.3,0.16328,"The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).",2021-02-24 17:15:15.923,CISA/Nuclei
CVE-2021-21975,7.5,0.97384,Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.,2021-03-31 18:15:14.597,EPSS/CISA/Metasploit/Nuclei
CVE-2021-21978,9.8,0.97484,VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.,2021-03-03 18:15:14.177,EPSS/Metasploit/Nuclei
CVE-2021-21983,6.5,0.00248,Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.,2021-03-31 18:15:14.723,Metasploit
CVE-2021-21985,9.8,0.97395,The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.,2021-05-26 15:15:07.937,EPSS/CISA/Metasploit/Nuclei
CVE-2021-22005,9.8,0.97357,The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.,2021-09-23 12:15:07.707,EPSS/CISA/Metasploit/Nuclei
CVE-2021-22015,7.8,0.00045,The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.,2021-09-23 13:15:07.827,Metasploit
CVE-2021-22017,5.3,0.08495,Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.,2021-09-23 13:15:08.207,CISA
CVE-2021-22053,8.8,0.54052,"Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.",2021-11-19 16:15:07.657,Nuclei
CVE-2021-22054,7.5,0.75751,"VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.",2021-12-17 17:15:12.590,Nuclei
CVE-2021-22122,6.1,0.0548,"An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.",2021-02-08 16:15:12.080,Nuclei
CVE-2021-22145,6.5,0.96241,A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.,2021-07-21 15:15:14.063,EPSS/Metasploit/Nuclei
CVE-2021-22204,7.8,0.89007,Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image,2021-04-23 18:15:08.127,CISA
CVE-2021-22205,10.0,0.97463,An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.,2021-04-23 18:15:08.167,EPSS/CISA/Metasploit/Nuclei
CVE-2021-22214,8.6,0.09317,"When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited",2021-06-08 15:15:07.817,Nuclei
CVE-2021-22502,9.8,0.96381,"Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.",2021-02-08 22:15:12.527,EPSS/CISA/Metasploit/Nuclei
CVE-2021-22506,7.5,0.00425,"Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.",2021-03-26 14:15:11.967,CISA
CVE-2021-22555,7.8,0.00213,A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space,2021-07-07 12:15:08.453,Metasploit
CVE-2021-22600,7.0,0.00067,A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755,2022-01-26 14:15:08.123,CISA
CVE-2021-22652,9.8,0.08106,"Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.",2021-02-11 18:15:17.003,Metasploit
CVE-2021-22707,9.8,0.39995,"A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.",2021-07-21 15:15:14.200,Nuclei
CVE-2021-22873,6.1,0.01301,"Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.",2021-01-26 18:16:19.163,Nuclei
CVE-2021-22893,10.0,0.96131,Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.,2021-04-23 17:15:08.127,EPSS/CISA
CVE-2021-22894,8.8,0.00562,A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.,2021-05-27 12:15:07.923,CISA
CVE-2021-22899,8.8,0.00287,A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature,2021-05-27 12:15:07.963,CISA
CVE-2021-22900,7.2,0.00517,A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.,2021-05-27 12:15:07.997,CISA
CVE-2021-22911,9.8,0.95326,"A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.",2021-05-27 12:15:08.153,EPSS/Nuclei
CVE-2021-22941,9.8,0.01186,Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.,2021-09-23 13:15:08.620,CISA
CVE-2021-22986,9.8,0.97372,"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",2021-03-31 15:15:15.153,EPSS/CISA/Metasploit/Nuclei
CVE-2021-22991,9.8,0.82893,"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",2021-03-31 18:15:14.787,CISA
CVE-2021-23241,5.3,0.0041,"MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.",2021-01-07 21:15:14.040,Nuclei
CVE-2021-23758,9.8,0.36279,"All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.",2021-12-03 20:15:07.557,Metasploit
CVE-2021-23874,7.8,0.00114,Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.,2021-02-10 11:15:12.943,CISA
CVE-2021-24145,7.2,0.96286,"Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.",2021-03-18 15:15:15.400,EPSS/Metasploit/Nuclei
CVE-2021-24146,7.5,0.02431,"Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.",2021-03-18 15:15:15.480,Nuclei
CVE-2021-24150,7.5,0.01939,The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).,2021-04-05 19:15:14.357,Nuclei
CVE-2021-24155,7.2,0.96297,"The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.",2021-04-05 19:15:14.700,EPSS/Metasploit/Nuclei
CVE-2021-24165,6.1,0.00129,"In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.",2021-04-05 19:15:15.437,Nuclei
CVE-2021-24169,6.1,0.0021,This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.,2021-04-05 19:15:15.733,Nuclei
CVE-2021-24176,5.4,0.00186,"The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.",2021-04-05 19:15:16.187,Nuclei
CVE-2021-24210,6.1,0.00167,There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain.,2021-04-05 19:15:17.467,Nuclei
CVE-2021-24214,6.1,0.00337,"The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.",2021-05-06 13:15:11.400,Nuclei
CVE-2021-24215,9.8,0.33112,"An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.",2021-04-12 14:15:15.133,Nuclei
CVE-2021-24226,7.5,0.02618,"In the AccessAlly WordPress plugin before 3.5.7, the file ""resource/frontend/product/product-shortcode.php"" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.",2021-04-12 14:15:15.913,Nuclei
CVE-2021-24227,7.5,0.0223,"The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.",2021-04-12 14:15:15.977,Nuclei
CVE-2021-24235,6.1,0.00119,"The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.",2021-04-22 21:15:09.730,Nuclei
CVE-2021-24236,9.8,0.15951,"The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename and code, leading to RCE.",2021-05-06 13:15:11.430,Nuclei
CVE-2021-24237,6.1,0.00265,"The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.",2021-04-22 21:15:09.763,Nuclei
CVE-2021-24239,6.1,0.00136,"The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.",2021-04-22 21:15:09.830,Nuclei
CVE-2021-24245,6.1,0.00249,"The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.",2021-05-06 13:15:11.530,Nuclei
CVE-2021-24274,6.1,0.00217,"The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue",2021-05-05 19:15:08.583,Nuclei
CVE-2021-24275,6.1,0.00249,"The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue",2021-05-05 19:15:08.623,Nuclei
CVE-2021-24276,6.1,0.00249,"The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue",2021-05-05 19:15:08.660,Nuclei
CVE-2021-24278,7.5,0.05157,"In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.",2021-05-14 12:15:08.197,Nuclei
CVE-2021-24284,9.8,0.96712,The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.,2021-05-14 12:15:08.387,EPSS/Nuclei
CVE-2021-24285,9.8,0.11694,"The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.",2021-05-14 12:15:08.420,Nuclei
CVE-2021-24286,6.1,0.00249,"The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue",2021-05-14 12:15:08.457,Nuclei
CVE-2021-24287,6.1,0.00249,"The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue",2021-05-14 12:15:08.490,Nuclei
CVE-2021-24288,6.1,0.00137,"When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.",2021-05-17 17:15:08.080,Nuclei
CVE-2021-24291,6.1,0.00102,"The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)",2021-05-14 12:15:08.523,Nuclei
CVE-2021-24298,6.1,0.00123,"The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS",2021-05-24 11:15:08.143,Nuclei
CVE-2021-24300,6.1,0.00338,"The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue",2021-05-24 11:15:08.177,Nuclei
CVE-2021-24316,6.1,0.00317,"The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue.",2021-06-01 14:15:08.953,Nuclei
CVE-2021-24320,6.1,0.00123,"The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.",2021-06-01 14:15:09.187,Nuclei
CVE-2021-24335,6.1,0.00181,"The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue",2021-06-01 14:15:09.640,Nuclei
CVE-2021-24340,7.5,0.01606,"The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.",2021-06-07 11:15:16.677,Nuclei
CVE-2021-24342,6.1,0.00113,"The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.",2021-06-07 11:15:16.740,Nuclei
CVE-2021-24347,8.8,0.96872,"The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from ""php"" to ""pHP"".",2021-06-14 14:15:08.200,EPSS/Metasploit/Nuclei
CVE-2021-24351,6.1,0.00154,"The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)",2021-06-14 14:15:08.527,Nuclei
CVE-2021-24358,6.1,0.00329,"The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.",2021-06-14 14:15:08.940,Nuclei
CVE-2021-24364,6.1,0.00113,"The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.",2021-06-21 20:15:08.417,Nuclei
CVE-2021-24370,9.8,0.3459,"The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.",2021-06-21 20:15:08.727,Nuclei
CVE-2021-24387,6.1,0.00154,"The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context",2021-07-06 11:15:08.913,Nuclei
CVE-2021-24389,6.1,0.00168,"The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.",2021-07-06 11:15:09.040,Nuclei
CVE-2021-24406,6.1,0.00137,"The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)",2021-07-06 11:15:09.183,Nuclei
CVE-2021-24407,6.1,0.00207,"The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.",2021-07-06 11:15:09.247,Nuclei
CVE-2021-24409,6.1,0.00171,"The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator",2021-07-12 20:15:08.797,Nuclei
CVE-2021-24435,6.1,0.00172,"The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues",2021-09-06 11:15:08.133,Nuclei
CVE-2021-24436,6.1,0.00106,"The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the ""extension"" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.",2021-07-19 11:15:08.403,Nuclei
CVE-2021-24442,9.8,0.10381,"The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks",2021-07-12 20:15:09.777,Nuclei
CVE-2021-24452,6.1,0.00106,"The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the ""extension"" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This could allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.",2021-07-19 11:15:08.627,Nuclei
CVE-2021-24472,9.8,0.0359,"The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.",2021-08-02 11:15:10.127,Nuclei
CVE-2021-24488,6.1,0.00338,"The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues",2021-08-02 11:15:10.843,Nuclei
CVE-2021-24495,6.1,0.00123,"The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.",2021-08-09 10:15:07.327,Nuclei
CVE-2021-24498,6.1,0.00171,"The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.",2021-08-02 11:15:11.033,Nuclei
CVE-2021-24499,9.8,0.10936,"The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.",2021-08-09 10:15:07.397,Nuclei
CVE-2021-24510,6.1,0.00127,"The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue",2021-09-13 18:15:15.800,Nuclei
CVE-2021-24554,7.2,0.29142,"The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue",2021-08-23 12:15:09.847,Nuclei
CVE-2021-24627,7.2,0.30355,"The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection",2021-11-08 18:15:08.433,Nuclei
CVE-2021-24647,8.1,0.17898,"The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username",2021-11-08 18:15:08.803,Nuclei
CVE-2021-24666,9.8,0.28906,"The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.",2021-09-27 16:15:09.107,Nuclei
CVE-2021-24731,9.8,0.26219,"The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.",2021-11-08 18:15:09.557,Nuclei
CVE-2021-24746,6.1,0.00106,"The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the ""Enable 'More' icon"" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.",2022-03-28 18:15:08.313,Nuclei
CVE-2021-24750,8.8,0.02891,"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks",2021-12-21 09:15:06.987,Nuclei
CVE-2021-24762,9.8,0.27766,"The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.",2022-02-01 13:15:08.387,Nuclei
CVE-2021-24791,7.2,0.20068,"The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the ""orderby"" and ""order"" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections",2021-11-08 18:15:09.867,Nuclei
CVE-2021-24827,9.8,0.21294,"The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue",2021-11-08 18:15:10.187,Nuclei
CVE-2021-24838,6.1,0.00106,"The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.",2022-01-17 13:15:07.577,Nuclei
CVE-2021-24849,9.8,0.02568,"The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections",2021-12-21 09:15:07.090,Nuclei
CVE-2021-24862,7.2,0.67416,"The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue",2022-01-10 16:15:08.677,Metasploit/Nuclei
CVE-2021-24875,6.1,0.00143,"The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue",2021-11-23 20:15:10.140,Nuclei
CVE-2021-24891,6.1,0.00116,"The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.",2021-11-23 20:15:10.397,Nuclei
CVE-2021-24910,6.1,0.00086,"The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue",2022-08-22 15:15:12.873,Nuclei
CVE-2021-24915,9.8,0.39709,"The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address",2021-11-29 09:15:07.970,Nuclei
CVE-2021-24917,7.5,0.04098,The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.,2021-12-06 16:15:08.137,Metasploit/Nuclei
CVE-2021-24926,6.1,0.00171,"The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue",2022-02-01 13:15:08.897,Nuclei
CVE-2021-24931,9.8,0.48176,"The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.",2021-12-06 16:15:08.417,Metasploit/Nuclei
CVE-2021-24940,6.1,0.00106,"The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue",2022-03-14 15:15:08.557,Nuclei
CVE-2021-24943,9.8,0.3105,"The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.",2021-12-06 16:15:08.613,Nuclei
CVE-2021-24946,9.8,0.14263,"The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue",2021-12-13 11:15:09.667,Metasploit/Nuclei
CVE-2021-24947,6.5,0.00281,"The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server",2022-02-07 16:15:43.453,Nuclei
CVE-2021-24956,6.1,0.00106,"The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue",2021-12-21 09:15:07.240,Nuclei
CVE-2021-24970,7.2,0.02471,"The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue",2021-12-13 11:15:09.873,Nuclei
CVE-2021-24979,6.1,0.001,"The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting",2021-12-27 11:15:09.190,Nuclei
CVE-2021-24987,6.1,0.00086,"The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.",2022-04-11 15:15:07.970,Nuclei
CVE-2021-24991,4.8,0.00069,"The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard",2022-01-03 13:15:08.627,Nuclei
CVE-2021-24997,6.5,0.0019,"The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user",2021-12-27 11:15:09.463,Nuclei
CVE-2021-25003,9.8,0.61181,"The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE",2022-03-14 15:15:08.970,Nuclei
CVE-2021-25008,6.1,0.00106,"The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue",2022-01-24 08:15:09.193,Nuclei
CVE-2021-25016,6.1,0.00106,"The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting",2022-01-03 13:15:08.890,Nuclei
CVE-2021-25028,6.1,0.00106,"The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue",2022-01-24 08:15:09.390,Nuclei
CVE-2021-25033,6.1,0.001,"The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue",2022-02-14 12:15:15.003,Nuclei
CVE-2021-25052,8.8,0.01998,"The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.",2022-01-10 16:15:09.083,Nuclei
CVE-2021-25055,6.1,0.001,"The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the ""visibility"" parameter.",2022-02-21 11:15:08.437,Nuclei
CVE-2021-25063,6.1,0.00106,"The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting",2022-02-01 13:15:09.207,Nuclei
CVE-2021-25065,5.4,0.00069,The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.,2022-01-17 13:15:08.077,Nuclei
CVE-2021-25067,5.4,0.00069,The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.,2022-01-17 13:15:08.130,Nuclei
CVE-2021-25074,6.1,0.00106,"The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue",2022-01-24 08:15:09.743,Nuclei
CVE-2021-25075,3.5,0.00071,"The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues",2022-02-21 11:15:08.703,Nuclei
CVE-2021-25078,6.1,0.00382,"The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.",2022-01-24 08:15:09.837,Nuclei
CVE-2021-25079,6.1,0.001,"The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page",2022-01-24 08:15:09.883,Nuclei
CVE-2021-25085,6.1,0.001,"The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting",2022-02-01 13:15:09.307,Nuclei
CVE-2021-25099,6.1,0.001,"The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape the form_id parameter before outputting it back in the response of an unauthenticated request via the give_checkout_login AJAX action, leading to a Reflected Cross-Site Scripting",2022-02-21 11:15:08.813,Nuclei
CVE-2021-25104,6.1,0.00106,"The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue",2022-06-20 11:15:08.993,Nuclei
CVE-2021-25111,6.1,0.00106,"The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue",2022-04-25 16:16:07.170,Nuclei
CVE-2021-25112,6.1,0.001,"The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting",2022-02-28 09:15:08.673,Nuclei
CVE-2021-25114,9.8,0.02984,"The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection",2022-02-07 16:15:46.240,Nuclei
CVE-2021-25118,5.3,0.00123,The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.,2022-02-28 09:15:08.720,Nuclei
CVE-2021-25120,6.1,0.00106,"The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-Site Scripting issues",2022-04-18 18:15:08.127,Nuclei
CVE-2021-25281,9.8,0.85989,"An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.",2021-02-27 05:15:13.847,Metasploit/Nuclei
CVE-2021-25282,9.1,0.85284,An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.,2021-02-27 05:15:13.910,Metasploit
CVE-2021-25296,8.8,0.88079,"Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",2021-02-15 13:15:12.683,CISA/Metasploit/Nuclei
CVE-2021-25297,8.8,0.88079,"Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",2021-02-15 13:15:12.793,CISA/Metasploit/Nuclei
CVE-2021-25298,8.8,0.97215,"Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.",2021-02-15 13:15:12.857,EPSS/CISA/Metasploit/Nuclei
CVE-2021-25299,6.1,0.9644,"Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.",2021-02-15 13:15:12.920,EPSS/Nuclei
CVE-2021-25337,7.1,0.00096,Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.,2021-03-04 21:15:13.667,CISA
CVE-2021-25369,5.5,0.00118,An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.,2021-03-26 19:15:12.040,CISA
CVE-2021-25370,4.4,0.002,An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.,2021-03-26 19:15:12.147,CISA
CVE-2021-25371,6.7,0.00078,A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.,2021-03-26 19:15:12.227,CISA
CVE-2021-25372,6.7,0.00078,An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.,2021-03-26 19:15:12.303,CISA
CVE-2021-25394,6.4,0.00078,A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.,2021-06-11 15:15:08.957,CISA
CVE-2021-25395,6.4,0.00238,A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.,2021-06-11 15:15:09.030,CISA
CVE-2021-25487,7.8,0.00067,Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.,2021-10-06 18:15:09.567,CISA
CVE-2021-25489,5.5,0.00139,"Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.",2021-10-06 18:15:09.667,CISA
CVE-2021-25646,8.8,0.97386,"Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.",2021-01-29 20:15:12.997,EPSS/Metasploit/Nuclei
CVE-2021-25864,7.5,0.29108,"node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.",2021-01-26 18:16:21.897,Nuclei
CVE-2021-25899,7.5,0.47958,An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.,2021-04-23 21:15:08.213,Nuclei
CVE-2021-26084,9.8,0.97445,"In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.",2021-08-30 07:15:06.587,EPSS/CISA/Metasploit/Nuclei
CVE-2021-26085,5.3,0.96108,"Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.",2021-08-03 00:15:08.557,EPSS/CISA/Nuclei
CVE-2021-26086,5.3,0.88841,"Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.",2021-08-16 01:15:06.353,Nuclei
CVE-2021-26247,6.1,0.00255,"As an unauthenticated remote user, visit ""http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>"" to successfully execute the JavaScript payload present in the ""ref"" URL parameter.",2022-01-19 21:15:08.237,Nuclei
CVE-2021-26294,7.5,0.21969,"An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password).",2021-03-07 04:15:12.957,Nuclei
CVE-2021-26295,9.8,0.97468,Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.,2021-03-22 12:15:13.877,EPSS/Metasploit/Nuclei
CVE-2021-26411,8.8,0.04096,Internet Explorer Memory Corruption Vulnerability,2021-03-11 16:15:13.863,CISA
CVE-2021-26475,6.1,0.00187,EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.,2021-03-01 22:15:13.973,Nuclei
CVE-2021-26598,5.3,0.03958,"ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).",2022-03-28 01:15:06.840,Nuclei
CVE-2021-26702,6.1,0.00187,EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.,2021-03-01 22:15:14.117,Nuclei
CVE-2021-26710,6.1,0.00116,A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.,2021-02-05 14:15:18.840,Nuclei
CVE-2021-26723,6.1,0.07461,Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.,2021-02-06 06:15:12.287,Nuclei
CVE-2021-26812,6.1,0.00464,"Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the ""sessionpriv.php"" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.",2021-04-14 14:15:13.413,Nuclei
CVE-2021-26855,9.1,0.97497,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-03-03 00:15:12.103,EPSS/CISA/Nuclei
CVE-2021-26857,7.8,0.68319,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-03-03 00:15:12.167,CISA
CVE-2021-26858,7.8,0.22253,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-03-03 00:15:12.227,CISA
CVE-2021-26914,8.1,0.74899,NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.,2021-02-08 22:15:12.763,Metasploit
CVE-2021-27059,7.6,0.27906,Microsoft Office Remote Code Execution Vulnerability,2021-03-11 16:15:17.583,CISA
CVE-2021-27065,7.8,0.96488,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-03-03 00:15:12.307,EPSS/CISA/Metasploit
CVE-2021-27085,8.8,0.27841,Internet Explorer Remote Code Execution Vulnerability,2021-03-11 16:15:18.677,CISA
CVE-2021-27101,9.8,0.00761,Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.,2021-02-16 21:15:13.077,CISA
CVE-2021-27102,7.8,0.00083,Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.,2021-02-16 21:15:13.140,CISA
CVE-2021-27103,9.8,0.01217,Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.,2021-02-16 21:15:13.217,CISA
CVE-2021-27104,9.8,0.01427,Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.,2021-02-16 21:15:13.280,CISA
CVE-2021-27124,6.5,0.02012,SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.,2021-02-18 04:15:11.620,Nuclei
CVE-2021-27132,9.8,0.03793,SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.,2021-02-27 06:15:12.493,Nuclei
CVE-2021-27309,6.1,0.00106,"Clansphere CMS 2011.4 allows unauthenticated reflected XSS via ""module"" parameter.",2021-03-23 14:15:13.337,Nuclei
CVE-2021-27310,6.1,0.00106,"Clansphere CMS 2011.4 allows unauthenticated reflected XSS via ""language"" parameter.",2021-03-23 14:15:13.413,Nuclei
CVE-2021-27314,9.8,0.45523,SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.,2021-03-05 00:15:12.577,Nuclei
CVE-2021-27315,7.5,0.0868,Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.,2021-03-24 14:15:13.720,Nuclei
CVE-2021-27316,7.5,0.0868,Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.,2021-03-24 14:15:13.830,Nuclei
CVE-2021-27319,7.5,0.0868,Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.,2021-03-24 14:15:14.033,Nuclei
CVE-2021-27320,7.5,0.12137,Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.,2021-03-24 14:15:14.110,Nuclei
CVE-2021-27330,6.1,0.00437,"Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.",2021-02-25 16:15:12.260,Nuclei
CVE-2021-27358,7.5,0.0313,The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.,2021-03-18 20:15:13.253,Nuclei
CVE-2021-27519,6.1,0.00308,"A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the ""srch"" parameter.",2021-03-19 19:15:13.913,Nuclei
CVE-2021-27520,6.1,0.00308,"A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the ""author"" parameter.",2021-03-19 19:15:13.977,Nuclei
CVE-2021-27561,9.8,0.97448,"Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.",2021-10-15 18:15:07.490,EPSS/CISA/Nuclei
CVE-2021-27562,5.5,0.95412,"In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.",2021-05-25 19:15:07.737,EPSS/CISA
CVE-2021-27651,9.8,0.06797,"In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.",2021-04-29 15:15:10.917,Nuclei
CVE-2021-27670,9.8,0.58538,Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.,2021-02-25 01:15:13.163,Nuclei
CVE-2021-27850,9.8,0.97337,"A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.",2021-04-15 08:15:14.823,EPSS/Metasploit/Nuclei
CVE-2021-27852,9.8,0.01562,Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.,2021-05-27 21:15:20.567,CISA
CVE-2021-27860,8.8,0.07224,"A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.",2021-12-08 17:15:10.800,CISA
CVE-2021-27876,8.1,0.73335,"An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.",2021-03-01 22:15:14.350,CISA/Metasploit
CVE-2021-27877,9.8,0.75295,"An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.",2021-03-01 22:15:14.460,CISA/Metasploit
CVE-2021-27878,8.8,0.69839,"An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.",2021-03-01 22:15:14.537,CISA/Metasploit
CVE-2021-27905,9.8,0.94767,"The ReplicationHandler (normally registered at ""/replication"" under a Solr core) in Apache Solr has a ""masterUrl"" (also ""leaderUrl"" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the ""shards"" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.",2021-04-13 07:15:12.137,Nuclei
CVE-2021-27909,6.1,0.00101,"For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, ""bundle,"" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.",2021-08-30 16:15:07.230,Nuclei
CVE-2021-27931,9.1,0.57375,LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.,2021-03-03 20:15:12.357,Nuclei
CVE-2021-28149,6.5,0.07581,"Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.",2021-05-06 16:15:07.330,Nuclei
CVE-2021-28150,5.5,0.00253,Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.,2021-05-06 16:15:07.360,Nuclei
CVE-2021-28151,8.8,0.96385,"Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.",2021-05-06 16:15:07.390,EPSS/Nuclei
CVE-2021-28164,5.3,0.06407,"In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",2021-04-01 15:15:14.157,Metasploit/Nuclei
CVE-2021-28169,5.3,0.00618,"For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",2021-06-09 02:15:06.853,Nuclei
CVE-2021-28310,7.8,0.0011,Win32k Elevation of Privilege Vulnerability,2021-04-13 20:15:16.267,CISA
CVE-2021-28377,5.3,0.00106,ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.,2022-01-12 18:15:07.540,Nuclei
CVE-2021-28419,7.2,0.15235,"The ""order_col"" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.",2021-03-18 12:15:12.177,Nuclei
CVE-2021-28550,8.8,0.62292,"Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",2021-09-02 17:15:08.500,CISA
CVE-2021-28663,8.8,0.00626,"The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.",2021-05-10 15:15:07.557,CISA
CVE-2021-28664,8.8,0.0042,"The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0.",2021-05-10 15:15:07.590,CISA
CVE-2021-28799,9.8,0.87991,"An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .",2021-05-13 03:15:06.843,CISA
CVE-2021-28918,9.1,0.05913,"Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.",2021-04-01 13:15:14.460,Nuclei
CVE-2021-28937,7.5,0.03261,The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.,2021-03-29 13:15:12.787,Nuclei
CVE-2021-29006,6.5,0.06109,rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.,2021-10-11 13:15:07.370,Nuclei
CVE-2021-29133,5.5,0.00053,"Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.",2021-03-24 07:15:13.007,Metasploit
CVE-2021-29156,7.5,0.25411,"ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.",2021-03-25 09:15:13.120,Nuclei
CVE-2021-29200,9.8,0.84326,Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack,2021-04-27 20:15:08.827,Nuclei
CVE-2021-29203,9.8,0.95563,"A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. HPE has released a software update to resolve the vulnerability in the HPE Edgeline Infrastructure Manager.",2021-05-06 21:15:07.647,EPSS/Nuclei
CVE-2021-29256,8.8,0.02483,". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.",2021-05-24 18:15:08.033,CISA
CVE-2021-29441,9.8,0.96791,"Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.",2021-04-27 21:15:07.993,EPSS/Nuclei
CVE-2021-29442,7.5,0.96724,"Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)",2021-04-27 21:15:08.030,EPSS/Nuclei
CVE-2021-29449,7.8,0.0055,Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.,2021-04-14 22:15:12.513,Metasploit
CVE-2021-29484,6.8,0.01483,"Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version between 4.0.0 and 4.3.2. Immediate action should be taken to secure your site. The issue has been fixed in 4.3.3, all 4.x sites should upgrade as soon as possible. As the endpoint is unused, the patch simply removes it. As a workaround blocking access to /ghost/preview can also mitigate the issue.",2021-04-29 21:15:08.590,Nuclei
CVE-2021-29490,5.8,0.00184,"Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes both internal and external HTTP servers or other resources available via HTTP `GET` that are visible from the Jellyfin server. The vulnerability is patched in version 10.7.3. As a workaround, disable external access to the API endpoints `/Items/*/RemoteImages/Download`, `/Items/RemoteSearch/Image` and `/Images/Remote` via reverse proxy, or limit to known-friendly IPs.",2021-05-06 13:15:12.493,Nuclei
CVE-2021-29505,8.8,0.04816,XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.,2021-05-28 21:15:08.713,Nuclei
CVE-2021-29622,6.1,0.00287,"Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.",2021-05-19 20:15:07.487,Nuclei
CVE-2021-29625,6.1,0.00236,"Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).",2021-05-19 22:15:07.903,Nuclei
CVE-2021-3002,6.1,0.00143,Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.,2021-01-01 19:15:11.077,Nuclei
CVE-2021-30049,6.1,0.00113,SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.,2021-07-22 12:15:07.897,Nuclei
CVE-2021-30116,9.8,0.85574,"Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system.",2021-07-09 14:15:07.770,CISA
CVE-2021-30128,9.8,0.59411,Apache OFBiz has unsafe deserialization prior to 17.12.07 version,2021-04-27 20:15:08.903,Nuclei
CVE-2021-30134,6.1,0.00117,php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.,2022-12-26 07:15:11.310,Nuclei
CVE-2021-30151,6.1,0.00812,Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.,2021-04-06 06:15:15.547,Nuclei
CVE-2021-3017,7.5,0.01905,The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.,2021-04-14 18:15:14.940,Nuclei
CVE-2021-30175,9.8,0.07111,ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.,2021-04-13 14:15:14.363,Nuclei
CVE-2021-3019,7.5,0.00936,ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.,2021-01-05 05:15:10.907,Nuclei
CVE-2021-30213,6.1,0.00106,Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.,2021-05-12 17:15:07.627,Nuclei
CVE-2021-30461,9.8,0.95518,"A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.",2021-05-29 14:15:08.400,EPSS/Nuclei
CVE-2021-30497,7.5,0.95082,"Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.",2022-04-06 02:15:08.287,EPSS/Nuclei
CVE-2021-30533,6.5,0.02735,Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.,2021-06-07 20:15:08.730,CISA
CVE-2021-30551,8.8,0.15254,Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-06-15 22:15:09.067,CISA
CVE-2021-30554,8.8,0.02681,Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-07-02 19:15:07.893,CISA
CVE-2021-30563,8.8,0.00374,Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-08-03 19:15:08.230,CISA
CVE-2021-30632,8.8,0.50981,Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-10-08 21:15:07.603,CISA
CVE-2021-30633,9.6,0.00732,Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,2021-10-08 21:15:07.650,CISA
CVE-2021-30657,5.5,0.56995,"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..",2021-09-08 15:15:13.127,CISA/Metasploit
CVE-2021-30661,8.8,0.00618,"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",2021-09-08 15:15:13.320,CISA
CVE-2021-30663,8.8,0.00422,"An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.",2021-09-08 15:15:13.413,CISA
CVE-2021-30665,8.8,0.00485,"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",2021-09-08 15:15:13.507,CISA
CVE-2021-30666,8.8,0.00518,A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..,2021-09-08 15:15:13.553,CISA
CVE-2021-30713,7.8,0.00575,A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..,2021-09-08 15:15:15.893,CISA
CVE-2021-30761,8.8,0.00469,A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..,2021-09-08 14:15:10.257,CISA
CVE-2021-30762,8.8,0.00549,A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..,2021-09-08 14:15:10.300,CISA
CVE-2021-30807,7.8,0.00101,"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.",2021-10-19 14:15:08.313,CISA
CVE-2021-30858,8.8,0.00952,"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2021-08-24 19:15:14.253,CISA
CVE-2021-30860,7.8,0.00233,"An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2021-08-24 19:15:14.370,CISA
CVE-2021-30869,7.8,0.00176,"A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.",2021-08-24 19:15:15.080,CISA
CVE-2021-30883,7.8,0.0027,"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",2021-08-24 19:15:16.403,CISA
CVE-2021-30900,7.8,0.0032,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.",2021-08-24 19:15:18.083,CISA
CVE-2021-30983,7.8,0.00131,A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.,2021-08-24 19:15:23.507,CISA
CVE-2021-31010,7.5,0.00266,"A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..",2021-08-24 19:15:24.967,CISA
CVE-2021-3110,9.8,0.83896,The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.,2021-01-20 13:15:13.033,Nuclei
CVE-2021-31166,9.8,0.97319,HTTP Protocol Stack Remote Code Execution Vulnerability,2021-05-11 19:15:09.300,EPSS/CISA/Metasploit
CVE-2021-31181,8.8,0.30621,Microsoft SharePoint Remote Code Execution Vulnerability,2021-05-11 19:15:09.837,Metasploit
CVE-2021-31195,6.5,0.92663,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-05-11 19:15:10.227,Nuclei
CVE-2021-31199,5.2,0.0052,Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability,2021-06-08 23:15:08.360,CISA
CVE-2021-31201,5.2,0.00392,Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability,2021-06-08 23:15:08.387,CISA
CVE-2021-31207,6.6,0.96746,Microsoft Exchange Server Security Feature Bypass Vulnerability,2021-05-11 19:15:10.397,EPSS/CISA/Metasploit
CVE-2021-31249,6.5,0.00666,"A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.",2021-06-04 21:15:07.463,Nuclei
CVE-2021-31250,5.4,0.97061,"Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.",2021-06-04 21:15:07.490,EPSS/Nuclei
CVE-2021-3129,9.8,0.97469,"Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.",2021-01-12 15:15:16.453,EPSS/CISA/Metasploit/Nuclei
CVE-2021-31537,6.1,0.00355,"SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).",2021-05-11 15:15:08.550,Nuclei
CVE-2021-3156,7.8,0.96952,"Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via ""sudoedit -s"" and a command-line argument that ends with a single backslash character.",2021-01-26 21:15:12.987,EPSS/CISA/Metasploit
CVE-2021-31581,4.4,0.00213,"The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later).",2021-07-22 19:15:08.953,Nuclei
CVE-2021-31589,6.1,0.00286,"A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.",2022-01-05 12:15:08.063,Nuclei
CVE-2021-31602,7.5,0.25923,"An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.",2021-11-08 04:15:08.267,Nuclei
CVE-2021-31682,6.1,0.01824,The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.,2021-10-22 12:15:07.923,Nuclei
CVE-2021-31755,9.8,0.97104,An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.,2021-05-07 23:15:07.047,EPSS/CISA/Nuclei
CVE-2021-31761,9.6,0.96024,Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.,2021-04-25 19:15:08.207,EPSS
CVE-2021-31802,8.8,0.01701,NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.,2021-04-26 13:15:07.787,Metasploit
CVE-2021-31805,9.8,0.18558,"The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.",2022-04-12 16:15:08.133,Nuclei
CVE-2021-31806,6.5,0.91623,"An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.",2021-05-27 13:15:08.270,Metasploit
CVE-2021-31807,6.5,0.03208,An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.,2021-06-08 20:15:09.057,Metasploit
CVE-2021-31856,9.8,0.04378,A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).,2021-04-28 06:15:07.257,Nuclei
CVE-2021-31862,6.1,0.00171,SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.,2021-10-29 11:15:08.477,Nuclei
CVE-2021-31955,5.5,0.96641,Windows Kernel Information Disclosure Vulnerability,2021-06-08 23:15:08.817,EPSS/CISA
CVE-2021-31956,7.8,0.00043,Windows NTFS Elevation of Privilege Vulnerability,2021-06-08 23:15:08.847,CISA
CVE-2021-31979,7.8,0.00109,Windows Kernel Elevation of Privilege Vulnerability,2021-07-14 18:15:09.597,CISA
CVE-2021-32030,9.8,0.55137,"The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations.",2021-05-06 15:15:07.973,Nuclei
CVE-2021-32172,9.8,0.28481,Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.,2021-10-07 11:15:07.340,Nuclei
CVE-2021-3223,7.5,0.09614,Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.,2021-01-26 18:16:28.757,Nuclei
CVE-2021-32305,9.8,0.94638,WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.,2021-05-18 17:15:07.263,Nuclei
CVE-2021-32618,6.1,0.00113,"The Python ""Flask-Security-Too"" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Pythons urlsplit library. However many browsers are very lenient on the kind of URL they accept and 'fill in the blanks' when presented with a possibly incomplete URL. As a concrete example - setting http://login?next=\\\github.com will pass FS's relative URL check however many browsers will gladly convert this to http://github.com. Thus an attacker could send such a link to an unwitting user, using a legitimate site and have it redirect to whatever site they want. This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute. It is possible for application writers to modify this default behavior by setting the 'autocorrect_location_header=False`.",2021-05-17 18:15:08.123,Nuclei
CVE-2021-32648,9.1,0.02231,octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.,2021-08-26 19:15:07.230,CISA
CVE-2021-32682,9.8,0.97312,"elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.",2021-06-14 17:15:07.643,EPSS/Metasploit/Nuclei
CVE-2021-32706,8.8,0.00883,"Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character through that can be used to execute code, list directories, and overwrite sensitive files. The issue lies in the fact that one of the periods is not escaped, allowing any character to be used in its place. A patch for this vulnerability was released in version 5.5.1.",2021-08-04 18:15:09.447,Metasploit
CVE-2021-32789,7.5,0.09768,"woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.",2021-07-26 16:15:07.743,Nuclei
CVE-2021-32819,8.8,0.79486,Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023.,2021-05-14 19:15:07.920,Nuclei
CVE-2021-32820,8.6,0.02061,"Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.",2021-05-14 19:15:07.960,Nuclei
CVE-2021-32853,9.6,0.05283,"Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.",2023-02-20 23:15:12.133,Nuclei
CVE-2021-3287,9.8,0.40695,Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.,2021-04-22 13:15:07.970,Metasploit
CVE-2021-3293,5.3,0.003,"emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.",2021-02-08 15:15:12.457,Nuclei
CVE-2021-3297,7.8,0.27492,"On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.",2021-01-26 18:16:29.770,Nuclei
CVE-2021-33044,9.8,0.25629,The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.,2021-09-15 22:15:10.497,Nuclei
CVE-2021-33221,9.8,0.34697,An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.,2021-07-07 15:15:09.137,Nuclei
CVE-2021-33357,9.8,0.96726,"A vulnerability exists in RaspAP 2.6 to 2.6.5 in the ""iface"" GET parameter in /ajax/networking/get_netcfg.php, when the ""iface"" parameter value contains special characters such as "";"" which enables an unauthenticated attacker to execute arbitrary OS commands.",2021-06-09 18:15:08.677,EPSS/Nuclei
CVE-2021-33393,8.8,0.93838,"lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.",2021-06-09 22:15:08.647,Metasploit
CVE-2021-33543,9.8,0.00173,"Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.",2021-09-13 18:15:19.693,Metasploit
CVE-2021-33544,7.2,0.97485,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:21.130,EPSS/Metasploit/Nuclei
CVE-2021-33548,7.2,0.97209,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:22.657,EPSS/Metasploit
CVE-2021-33549,7.2,0.97221,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:22.773,EPSS/Metasploit
CVE-2021-33550,7.2,0.97209,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:23.040,EPSS/Metasploit
CVE-2021-33551,7.2,0.97209,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:23.217,EPSS/Metasploit
CVE-2021-33552,7.2,0.97209,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:23.343,EPSS/Metasploit
CVE-2021-33553,7.2,0.97209,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:23.597,EPSS/Metasploit
CVE-2021-33554,7.2,0.97209,"Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.",2021-09-13 18:15:23.730,EPSS/Metasploit
CVE-2021-33564,9.8,0.12437,An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.,2021-05-29 14:15:08.510,Nuclei
CVE-2021-33690,9.9,0.3594,"Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.",2021-09-15 19:15:09.093,Nuclei
CVE-2021-33739,8.4,0.00115,Microsoft DWM Core Library Elevation of Privilege Vulnerability,2021-06-08 23:15:09.493,CISA
CVE-2021-3374,5.3,0.00235,"Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.",2021-04-02 19:15:21.163,Nuclei
CVE-2021-33742,7.5,0.2986,Windows MSHTML Platform Remote Code Execution Vulnerability,2021-06-08 23:15:09.540,CISA
CVE-2021-33766,7.3,0.34749,Microsoft Exchange Server Information Disclosure Vulnerability,2021-07-14 18:15:10.380,CISA
CVE-2021-3377,6.1,0.00129,"The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.",2021-03-05 21:15:13.263,Nuclei
CVE-2021-33771,7.8,0.00109,Windows Kernel Elevation of Privilege Vulnerability,2021-07-14 18:15:10.483,CISA
CVE-2021-3378,9.8,0.68553,"FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ""Content-Type: image/png"" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.",2021-02-01 23:15:12.797,Metasploit/Nuclei
CVE-2021-33807,7.5,0.02481,Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.,2021-07-12 15:15:08.530,Nuclei
CVE-2021-33851,5.4,0.00069,"A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the ""Custom logo link"" executes whenever the user opens the Settings Page of the ""Customize Login Image"" Plugin.",2022-03-10 17:42:36.047,Nuclei
CVE-2021-33904,6.1,0.00182,"In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states ""there are configurable security flags and we are unable to reproduce them with the available information.",2021-06-07 12:15:09.107,Nuclei
CVE-2021-34370,6.1,0.0021,"Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states ""there are configurable security flags and we are unable to reproduce them with the available information.",2021-06-09 12:15:08.067,Nuclei
CVE-2021-34429,5.3,0.48917,"For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",2021-07-15 17:15:08.637,Metasploit/Nuclei
CVE-2021-34448,6.8,0.95461,Scripting Engine Memory Corruption Vulnerability,2021-07-16 21:15:09.580,EPSS/CISA
CVE-2021-34473,9.1,0.97311,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-07-14 18:15:11.163,EPSS/CISA/Metasploit/Nuclei
CVE-2021-34484,7.8,0.00716,Windows User Profile Service Elevation of Privilege Vulnerability,2021-08-12 18:15:09.117,CISA
CVE-2021-34486,7.8,0.01285,Windows Event Tracing Elevation of Privilege Vulnerability,2021-08-12 18:15:09.190,CISA
CVE-2021-34523,9.0,0.82011,Microsoft Exchange Server Elevation of Privilege Vulnerability,2021-07-14 18:15:12.347,CISA/Metasploit
CVE-2021-34527,8.8,0.96735,"<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.</p>
<p>In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (<strong>Note</strong>: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):</p>
<ul>
<li>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint</li>
<li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li>
<li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li>
</ul>
<p><strong>Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.</strong></p>
<p>UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href=""https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7"">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>.</p>
<p>Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.</p>
",2021-07-02 22:15:08.757,EPSS/CISA/Metasploit
CVE-2021-34621,9.8,0.77274,A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .,2021-07-07 13:15:08.537,Nuclei
CVE-2021-34640,6.1,0.00123,"The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4.",2021-08-11 15:15:07.247,Nuclei
CVE-2021-34643,6.1,0.00123,"The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2.",2021-08-16 19:15:14.477,Nuclei
CVE-2021-34805,7.5,0.17035,"An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.",2022-01-31 08:15:07.250,Nuclei
CVE-2021-3490,7.8,0.00196,"The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (""bpf: Fix alu32 const subreg bound tracking on bitwise operations"") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (""bpf: Verifier, do explicit ALU32 bounds tracking"") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (""bpf:Fix a verifier failure with xor"") ( 5.10-rc1).",2021-06-04 02:15:07.150,Metasploit
CVE-2021-3493,7.8,0.00588,"The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.",2021-04-17 05:15:14.630,CISA/Metasploit
CVE-2021-35211,10.0,0.92302,"Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.",2021-07-14 21:15:08.090,CISA
CVE-2021-35247,5.3,0.00669,Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.,2022-01-10 14:10:17.667,CISA
CVE-2021-35250,7.5,0.04877,"A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

",2022-04-25 20:15:41.787,Nuclei
CVE-2021-35265,6.1,0.00141,A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.,2021-08-03 12:15:07.880,Nuclei
CVE-2021-35323,6.1,0.00183,Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.,2021-10-19 18:15:07.920,Nuclei
CVE-2021-35336,9.8,0.239,Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability in the Tieline Web Administrative Interface could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.,2021-07-01 13:15:08.223,Nuclei
CVE-2021-35380,7.5,0.45222,"A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).",2022-02-15 22:15:07.620,Nuclei
CVE-2021-35394,9.8,0.96679,Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.,2021-08-16 12:15:07.267,EPSS/CISA
CVE-2021-35395,9.8,0.96948,"Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.",2021-08-16 12:15:07.300,EPSS/CISA/Nuclei
CVE-2021-35449,7.8,0.00114,"The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.",2021-07-19 15:15:07.780,Metasploit
CVE-2021-35464,9.8,0.97398,"ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier",2021-07-22 18:15:23.247,EPSS/CISA/Metasploit/Nuclei
CVE-2021-35488,6.1,0.00145,Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.,2021-11-09 23:15:08.787,Nuclei
CVE-2021-35587,9.8,0.9581,"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2022-01-19 12:15:09.727,EPSS/CISA/Nuclei
CVE-2021-3560,7.8,0.01177,"It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",2022-02-16 19:15:08.450,CISA/Metasploit
CVE-2021-3577,8.8,0.9576,An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.,2021-11-12 22:15:07.790,EPSS/Nuclei
CVE-2021-36260,9.8,0.97483,"A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.",2021-09-22 13:15:07.690,EPSS/CISA/Metasploit/Nuclei
CVE-2021-36356,9.8,0.88083,KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.,2021-08-31 04:15:10.497,Nuclei
CVE-2021-36380,9.8,0.97494,Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.,2021-08-13 16:15:07.607,EPSS/CISA/Nuclei
CVE-2021-36450,6.1,0.00229,Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.,2021-12-15 07:15:06.970,Nuclei
CVE-2021-3654,6.1,0.92607,"A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.",2022-03-02 23:15:08.730,Nuclei
CVE-2021-36580,6.1,0.00233,Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.,2023-07-27 18:15:09.893,Nuclei
CVE-2021-36741,8.8,0.03152,"An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.",2021-07-29 20:15:07.620,CISA
CVE-2021-36742,7.8,0.00137,"A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",2021-07-29 20:15:07.650,CISA
CVE-2021-36748,7.5,0.00445,A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.,2021-08-20 18:15:07.967,Nuclei
CVE-2021-36749,6.5,0.75985,"In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.",2021-09-24 10:15:07.257,Nuclei
CVE-2021-36782,9.9,0.06552,"A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.",2022-09-07 09:15:08.397,Metasploit
CVE-2021-36873,5.4,0.00131,Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.,2021-09-23 17:15:12.153,Nuclei
CVE-2021-36934,7.8,0.00309,"<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p>
<p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href=""https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7"">KB5005357- Delete Volume Shadow Copies</a>.</p>
",2021-07-22 07:15:11.013,CISA/Metasploit
CVE-2021-36942,7.5,0.81552,Windows LSA Spoofing Vulnerability,2021-08-12 18:15:10.000,CISA/Metasploit
CVE-2021-36948,7.8,0.00043,Windows Update Medic Service Elevation of Privilege Vulnerability,2021-08-12 18:15:10.190,CISA
CVE-2021-36955,7.8,0.0006,Windows Common Log File System Driver Elevation of Privilege Vulnerability,2021-09-15 12:15:13.197,CISA
CVE-2021-37216,6.1,0.00115,QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.,2021-08-02 12:15:08.183,Nuclei
CVE-2021-37304,7.5,0.00703,An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.,2023-02-03 18:15:11.770,Nuclei
CVE-2021-37305,7.5,0.00416,An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.,2023-02-03 18:15:11.890,Nuclei
CVE-2021-37415,9.8,0.92856,Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.,2021-09-01 06:15:06.530,CISA
CVE-2021-37416,6.1,0.00149,Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.,2021-08-30 19:15:08.967,Nuclei
CVE-2021-37538,9.8,0.01766,"Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.",2021-08-24 13:15:12.390,Nuclei
CVE-2021-37573,6.1,0.00303,"A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's ""404 Page not Found"" error page",2021-08-09 13:15:07.480,Nuclei
CVE-2021-37580,9.8,0.9324,A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0,2021-11-16 10:15:07.220,Nuclei
CVE-2021-37589,7.5,0.00842,Virtua Cobranca before 12R allows SQL Injection on the login page.,2022-06-07 14:15:09.333,Nuclei
CVE-2021-37704,4.3,0.0062,"PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access.",2021-08-12 20:15:07.267,Nuclei
CVE-2021-37833,6.1,0.00287,A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.,2021-08-03 13:15:09.440,Nuclei
CVE-2021-37973,9.6,0.00914,Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,2021-10-08 22:15:08.287,CISA
CVE-2021-37975,8.8,0.09026,Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-10-08 22:15:08.373,CISA
CVE-2021-37976,6.5,0.054,Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.,2021-10-08 22:15:08.417,CISA
CVE-2021-38000,6.1,0.00418,Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.,2021-11-23 22:15:07.807,CISA
CVE-2021-38003,8.8,0.01815,Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2021-11-23 22:15:07.937,CISA
CVE-2021-38085,7.8,0.00053,"The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).",2021-08-11 18:15:07.500,Metasploit
CVE-2021-38146,7.5,0.10208,The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.,2021-11-22 09:15:07.347,Nuclei
CVE-2021-38147,7.5,0.05194,"Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.",2021-11-29 08:15:07.707,Nuclei
CVE-2021-38163,8.8,0.96507,"SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.

",2021-09-14 12:15:10.890,EPSS/CISA
CVE-2021-38294,9.8,0.80896,A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.,2021-10-25 13:15:07.957,Metasploit
CVE-2021-38314,5.3,0.00201,"The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.",2021-09-02 17:15:09.777,Nuclei
CVE-2021-38406,7.8,0.8762,Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.,2021-09-17 19:15:08.710,CISA
CVE-2021-38540,9.8,0.01902,"The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.",2021-09-09 15:15:09.170,Nuclei
CVE-2021-38645,7.8,0.0006,Open Management Infrastructure Elevation of Privilege Vulnerability,2021-09-15 12:15:14.967,CISA
CVE-2021-38646,7.8,0.39058,Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability,2021-09-15 12:15:15.033,CISA
CVE-2021-38647,9.8,0.97461,Open Management Infrastructure Remote Code Execution Vulnerability,2021-09-15 12:15:15.090,EPSS/CISA/Metasploit/Nuclei
CVE-2021-38648,7.8,0.9564,Open Management Infrastructure Elevation of Privilege Vulnerability,2021-09-15 12:15:15.147,EPSS/CISA/Metasploit
CVE-2021-38649,7.0,0.0006,Open Management Infrastructure Elevation of Privilege Vulnerability,2021-09-15 12:15:15.203,CISA
CVE-2021-38702,6.1,0.01053,Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.,2021-08-17 20:15:08.230,Nuclei
CVE-2021-38704,6.1,0.0015,Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.,2021-09-07 20:15:07.990,Nuclei
CVE-2021-38751,4.3,0.0017,"A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.",2021-08-16 14:15:07.100,Nuclei
CVE-2021-39141,8.5,0.25418,"XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.",2021-08-23 18:15:12.010,Nuclei
CVE-2021-39144,8.5,0.97191,"XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.",2021-08-23 18:15:12.087,EPSS/CISA/Metasploit/Nuclei
CVE-2021-39146,8.5,0.27391,"XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.",2021-08-23 18:15:12.443,Nuclei
CVE-2021-39152,8.5,0.01242,"XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.",2021-08-23 19:15:13.247,Nuclei
CVE-2021-39165,6.5,0.0536,"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.",2021-08-26 21:15:10.053,Nuclei
CVE-2021-39211,5.3,0.00141,"GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.",2021-09-15 17:15:10.267,Nuclei
CVE-2021-39226,7.3,0.97098,"Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot ""public_mode"" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot ""public_mode"" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",2021-10-05 18:15:07.947,EPSS/CISA/Nuclei
CVE-2021-39312,7.5,0.16864,"The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.",2021-12-14 16:15:08.597,Nuclei
CVE-2021-39316,7.5,0.37466,"The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.",2021-08-31 12:15:07.420,Nuclei
CVE-2021-39320,6.1,0.00228,"The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.",2021-09-01 15:15:12.653,Nuclei
CVE-2021-39322,6.1,0.0026,The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.,2021-09-02 17:15:09.837,Nuclei
CVE-2021-39327,5.3,0.24815,"The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.",2021-09-17 11:15:08.647,Metasploit/Nuclei
CVE-2021-39350,6.1,0.00113,"The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.",2021-10-06 16:15:07.427,Nuclei
CVE-2021-39352,7.2,0.93647,"The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.",2021-10-21 20:15:08.060,Metasploit
CVE-2021-39433,7.5,0.00695,A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.,2021-10-04 20:15:07.703,Nuclei
CVE-2021-39501,6.1,0.00141,EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.,2021-09-07 21:15:08.940,Nuclei
CVE-2021-39793,7.8,0.00066,"In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A",2022-03-16 15:15:12.430,CISA
CVE-2021-40149,5.9,0.00942,The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.,2022-07-17 22:15:08.683,Nuclei
CVE-2021-40150,7.5,0.01031,The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.,2022-07-17 23:15:08.347,Nuclei
CVE-2021-40323,9.8,0.03731,"Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",2021-10-04 06:15:07.187,Nuclei
CVE-2021-4034,7.8,0.00046,A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.,2022-01-28 20:15:12.193,CISA/Metasploit
CVE-2021-40438,9.0,0.97057,A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.,2021-09-16 15:15:07.633,EPSS/CISA/Nuclei
CVE-2021-40444,8.8,0.96821,"<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p>
<p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p>
<p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p>
<p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p>
<p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p>
",2021-09-15 12:15:16.467,EPSS/CISA/Metasploit
CVE-2021-40449,7.8,0.00103,Win32k Elevation of Privilege Vulnerability,2021-10-13 01:15:09.703,CISA/Metasploit
CVE-2021-40450,7.8,0.00654,Win32k Elevation of Privilege Vulnerability,2021-10-13 01:15:09.750,CISA
CVE-2021-40539,9.8,0.97492,Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.,2021-09-07 17:15:07.367,EPSS/CISA/Metasploit/Nuclei
CVE-2021-40542,6.1,0.00342,Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.,2021-10-11 13:15:07.417,Nuclei
CVE-2021-40651,6.5,0.02562,"OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.",2021-09-29 12:15:07.317,Nuclei
CVE-2021-40655,7.5,0.08617,An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page,2021-09-24 21:15:07.310,CISA
CVE-2021-40661,7.5,0.01461,"A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.",2022-10-31 12:15:10.057,Nuclei
CVE-2021-40822,7.5,0.65156,GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.,2022-05-02 00:15:08.113,Nuclei
CVE-2021-40856,7.5,0.19673,Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.,2021-12-13 04:15:06.973,Nuclei
CVE-2021-40859,9.8,0.02655,"Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.",2021-12-07 19:15:07.547,Nuclei
CVE-2021-40868,6.1,0.00532,"In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.",2021-09-21 17:15:09.947,Nuclei
CVE-2021-40870,9.8,0.93406,"An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.",2021-09-13 08:15:13.913,CISA/Nuclei
CVE-2021-40875,7.5,0.31087,"Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.",2021-09-22 15:15:09.677,Nuclei
CVE-2021-40908,9.8,0.0161,"SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.",2022-01-24 15:15:09.263,Nuclei
CVE-2021-40960,9.8,0.01091,Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.,2021-10-01 14:15:08.577,Nuclei
CVE-2021-40968,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.,2021-10-01 16:15:07.610,Nuclei
CVE-2021-40969,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.,2021-10-01 16:15:07.653,Nuclei
CVE-2021-40970,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.,2021-10-01 16:15:07.697,Nuclei
CVE-2021-40971,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.,2021-10-01 16:15:07.737,Nuclei
CVE-2021-40972,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.,2021-10-01 16:15:07.787,Nuclei
CVE-2021-40973,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.,2021-10-01 16:15:07.837,Nuclei
CVE-2021-40978,7.5,0.03054,"The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1",2021-10-07 14:15:08.280,Nuclei
CVE-2021-4102,8.8,0.02927,Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-02-11 23:15:08.273,CISA
CVE-2021-41174,6.1,0.96081,"Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(‘alert(1)’)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.",2021-11-03 18:15:08.413,EPSS/Nuclei
CVE-2021-41192,6.5,0.00807,"Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET or REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash's Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one's instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, should follow the steps to secure the instance, outlined in the GitHub Security Advisory.",2021-11-24 16:15:14.173,Nuclei
CVE-2021-41266,9.8,0.06556,"Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.",2021-11-15 21:15:07.320,Nuclei
CVE-2021-41277,7.5,0.95403,"Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.",2021-11-17 20:15:10.587,EPSS/Nuclei
CVE-2021-41282,8.8,0.97097,"diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.",2022-03-01 23:15:08.347,EPSS/Metasploit/Nuclei
CVE-2021-41291,7.5,0.02424,"ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.",2021-09-30 11:15:07.423,Nuclei
CVE-2021-41293,7.5,0.02424,"ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information.",2021-09-30 11:15:07.540,Nuclei
CVE-2021-41349,6.5,0.95861,Microsoft Exchange Server Spoofing Vulnerability,2021-11-10 01:19:28.653,EPSS/Nuclei
CVE-2021-41357,7.8,0.00654,Win32k Elevation of Privilege Vulnerability,2021-10-13 01:15:13.950,CISA
CVE-2021-41379,5.5,0.00376,Windows Installer Elevation of Privilege Vulnerability,2021-11-10 01:19:32.127,CISA
CVE-2021-41381,7.5,0.15459,Payara Micro Community 5.2021.6 and below allows Directory Traversal.,2021-09-23 15:15:08.100,Nuclei
CVE-2021-41432,5.4,0.00067,A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.,2022-06-23 17:15:11.600,Nuclei
CVE-2021-41460,7.5,0.00718,"ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.",2022-06-28 13:15:10.030,Nuclei
CVE-2021-41467,6.1,0.0012,Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.,2021-10-01 16:15:08.140,Nuclei
CVE-2021-41569,7.5,0.01003,"SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.",2021-11-19 18:15:09.677,Nuclei
CVE-2021-41648,7.5,0.05206,An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.,2021-10-01 14:15:08.627,Nuclei
CVE-2021-41649,9.8,0.07615,An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.,2021-10-01 14:15:08.673,Nuclei
CVE-2021-41653,9.8,0.9502,The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.,2021-11-13 15:15:08.110,EPSS/Nuclei
CVE-2021-41749,9.8,0.38172,"In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.",2022-06-12 11:15:07.663,Nuclei
CVE-2021-41773,7.5,0.97458,"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration ""require all denied"", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.",2021-10-05 09:15:07.593,EPSS/CISA/Nuclei
CVE-2021-41826,6.1,0.90437,PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.,2021-09-30 00:15:07.543,Nuclei
CVE-2021-41878,6.1,0.01333,A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button.,2021-10-04 12:15:09.333,Nuclei
CVE-2021-4191,5.3,0.78179,"An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.",2022-03-28 19:15:08.093,Metasploit/Nuclei
CVE-2021-41951,6.1,0.71286,"ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.",2021-11-15 16:15:10.323,Nuclei
CVE-2021-42013,9.8,0.97434,"It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration ""require all denied"", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.",2021-10-07 16:15:09.270,EPSS/CISA/Nuclei
CVE-2021-42063,6.1,0.00425,"A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.",2021-12-14 16:15:09.260,Nuclei
CVE-2021-42071,9.8,0.9605,"In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.",2021-10-07 17:15:08.453,EPSS/Nuclei
CVE-2021-42192,8.8,0.04579,Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.,2022-05-04 11:15:07.950,Nuclei
CVE-2021-42237,9.8,0.97549,Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.,2021-11-05 10:15:08.240,EPSS/CISA/Metasploit/Nuclei
CVE-2021-42258,9.8,0.97378,"BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.",2021-10-22 22:15:07.907,EPSS/CISA/Metasploit/Nuclei
CVE-2021-42278,7.5,0.585,Active Directory Domain Services Elevation of Privilege Vulnerability,2021-11-10 01:19:44.300,CISA
CVE-2021-42287,7.5,0.90435,Active Directory Domain Services Elevation of Privilege Vulnerability,2021-11-10 01:19:46.137,CISA
CVE-2021-42292,7.8,0.03435,Microsoft Excel Security Feature Bypass Vulnerability,2021-11-10 01:19:47.007,CISA
CVE-2021-42321,8.8,0.9654,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-11-10 01:19:50.047,EPSS/CISA/Metasploit
CVE-2021-42362,8.8,0.94916,"The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.

",2021-11-17 18:15:08.297,Metasploit
CVE-2021-42551,6.1,0.00124,Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.,2022-01-14 10:15:07.960,Nuclei
CVE-2021-42565,6.1,0.00106,myfactory.FMS before 7.1-912 allows XSS via the UID parameter.,2021-10-18 08:15:07.127,Nuclei
CVE-2021-42566,6.1,0.00106,myfactory.FMS before 7.1-912 allows XSS via the Error parameter.,2021-10-18 08:15:07.173,Nuclei
CVE-2021-42567,6.1,0.25981,Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.,2021-12-07 22:15:06.907,Nuclei
CVE-2021-42627,9.8,0.23452,"The WAN configuration page ""wan.htm"" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.",2022-08-23 12:15:08.487,Nuclei
CVE-2021-42663,4.3,0.00121,An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.,2021-11-05 13:15:07.630,Nuclei
CVE-2021-42667,9.8,0.07996,A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.,2021-11-05 13:15:09.013,Nuclei
CVE-2021-42840,8.8,0.08907,"SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.",2021-10-22 19:15:08.173,Metasploit
CVE-2021-42847,9.8,0.14273,"Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.",2021-11-11 05:15:09.597,Metasploit
CVE-2021-42887,9.8,0.08034,"In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.",2022-06-03 12:15:07.933,Nuclei
CVE-2021-43062,6.1,0.00561,"A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.",2022-02-02 11:15:07.887,Nuclei
CVE-2021-43258,8.8,0.05903,"CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.",2022-11-23 19:15:11.823,Metasploit
CVE-2021-43287,7.5,0.46288,"An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.",2022-04-14 12:15:07.717,Nuclei
CVE-2021-43421,9.8,0.06607,"A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.",2022-04-07 17:15:08.720,Nuclei
CVE-2021-43495,7.5,0.03073,AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.,2021-11-15 13:15:07.663,Nuclei
CVE-2021-43496,7.5,0.03073,Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.,2021-11-12 14:15:07.447,Nuclei
CVE-2021-43510,9.8,0.04213,SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.,2022-02-01 14:15:09.440,Nuclei
CVE-2021-43574,6.1,0.00134,WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer,2021-11-15 15:15:06.867,Nuclei
CVE-2021-43725,6.1,0.00152,"There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.",2022-03-28 13:15:07.693,Nuclei
CVE-2021-43734,7.5,0.00856,kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.,2022-02-15 14:15:08.010,Nuclei
CVE-2021-43778,7.5,0.64914,"Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.",2021-11-24 19:15:07.957,Nuclei
CVE-2021-43798,7.5,0.97488,"Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.",2021-12-07 19:15:07.633,EPSS/Metasploit/Nuclei
CVE-2021-43810,6.1,0.00726,"Admidio is a free open source user management system for websites of organizations and groups. A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. This issue is patched in version 4.0.12.",2021-12-07 22:15:06.997,Nuclei
CVE-2021-43831,7.7,0.00623,Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0.,2021-12-15 20:15:08.620,Nuclei
CVE-2021-43890,7.1,0.00167,"We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader.
An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section.
Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability.
December 27 2023 Update:
In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme.
To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations.
",2021-12-15 15:15:11.207,CISA
CVE-2021-44026,9.8,0.00435,Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.,2021-11-19 04:15:07.197,CISA
CVE-2021-44077,9.8,0.97384,"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.",2021-11-29 04:15:06.737,EPSS/CISA/Metasploit/Nuclei
CVE-2021-44138,7.5,0.01258,"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.",2022-04-04 13:15:07.590,Nuclei
CVE-2021-44139,7.5,0.01303,Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).,2022-03-23 17:15:07.750,Nuclei
CVE-2021-44152,9.8,0.87539,"An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.",2021-12-13 04:15:07.180,Nuclei
CVE-2021-44168,7.8,0.00146,"A download of code without integrity check vulnerability in the ""execute restore src-vis"" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.",2022-01-04 13:15:07.957,CISA
CVE-2021-44228,10.0,0.97559,"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.",2021-12-10 10:15:09.143,EPSS/CISA/Nuclei
CVE-2021-44427,9.8,0.04431,"An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.",2021-11-29 22:15:07.533,Nuclei
CVE-2021-44451,6.5,0.0058,Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher.,2022-02-01 14:15:09.483,Nuclei
CVE-2021-44515,9.8,0.97426,"Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.",2021-12-12 05:15:07.997,EPSS/CISA/Nuclei
CVE-2021-44521,9.1,0.05005,"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.",2022-02-11 13:15:07.907,Nuclei
CVE-2021-44528,6.1,0.00178,"A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a ""X-Forwarded-Host"" headers in combination with certain ""allowed host"" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.",2022-01-10 14:10:26.117,Nuclei
CVE-2021-44529,9.8,0.97077,A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).,2021-12-08 22:15:10.163,EPSS/CISA/Metasploit/Nuclei
CVE-2021-44848,5.3,0.02038,"In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.",2021-12-13 02:15:06.790,Nuclei
CVE-2021-45043,7.5,0.05404,HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.,2021-12-15 08:15:07.423,Nuclei
CVE-2021-45046,9.0,0.97365,"It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.",2021-12-14 19:15:07.733,EPSS/CISA/Metasploit/Nuclei
CVE-2021-45092,9.8,0.05776,Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.,2021-12-16 04:15:06.747,Nuclei
CVE-2021-45105,5.9,0.96625,"Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.",2021-12-18 12:15:07.433,EPSS
CVE-2021-45232,9.8,0.97228,"In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.",2021-12-27 15:15:07.757,EPSS/Nuclei
CVE-2021-45380,6.1,0.00314,AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php,2022-01-23 17:15:07.730,Nuclei
CVE-2021-45382,9.8,0.96916,"A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life (""EOL"") /End of Service Life (""EOS"") Life-Cycle and as such this issue will not be patched.",2022-02-17 21:15:07.737,EPSS/CISA/Nuclei
CVE-2021-45422,6.1,0.00218,"Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process ""count"" parameter via GET. No authentication is required.",2022-01-13 19:15:08.540,Nuclei
CVE-2021-45428,9.8,0.07905,TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.,2022-01-03 14:15:07.693,Nuclei
CVE-2021-45837,9.8,0.0026,"It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.",2022-04-25 11:15:07.103,Metasploit
CVE-2021-45839,6.5,0.00077,"It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint.",2022-04-25 11:15:07.147,Metasploit
CVE-2021-45841,8.1,0.00261,"In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest.",2022-04-25 11:15:07.237,Metasploit
CVE-2021-45967,9.8,0.67593,"An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.",2022-03-18 05:15:07.027,Nuclei
CVE-2021-45968,7.5,0.01718,"An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.",2022-03-18 05:15:07.070,Nuclei
CVE-2021-46005,5.4,0.00143,Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.,2022-01-18 18:15:08.290,Nuclei
CVE-2021-46068,4.8,0.0011,A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.,2022-01-06 16:15:08.660,Nuclei
CVE-2021-46069,4.8,0.0011,A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.,2022-01-06 16:15:08.707,Nuclei
CVE-2021-46071,4.8,0.0011,A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.,2022-01-06 16:15:08.797,Nuclei
CVE-2021-46072,4.8,0.0011,A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.,2022-01-06 16:15:08.847,Nuclei
CVE-2021-46073,4.8,0.0011,A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.,2022-01-06 16:15:08.893,Nuclei
CVE-2021-46107,7.5,0.01419,Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.,2022-03-17 21:15:08.030,Nuclei
CVE-2021-46379,6.1,0.00437,DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.,2022-03-04 16:15:09.383,Nuclei
CVE-2021-46381,7.5,0.02555,Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].,2022-03-04 16:15:09.987,Nuclei
CVE-2021-46387,6.1,0.12221,"ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.",2022-03-01 15:15:07.887,Nuclei
CVE-2021-46417,7.5,0.6049,Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.,2022-04-07 11:15:10.183,Nuclei
CVE-2021-46418,7.5,0.07418,An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.,2022-04-07 12:15:07.780,Nuclei
CVE-2021-46419,9.1,0.36968,An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.,2022-04-07 12:15:07.837,Nuclei
CVE-2021-46422,9.8,0.95843,Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.,2022-04-27 13:15:09.173,EPSS/Nuclei
CVE-2021-46424,9.1,0.0159,"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.",2022-04-27 13:15:09.287,Nuclei
CVE-2021-46704,9.8,0.94888,"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.",2022-03-06 07:15:07.200,Nuclei
CVE-2022-0028,8.6,0.00268,"A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software updates for this issue are expected to be released no later than the week of August 15, 2022. This issue does not impact Panorama M-Series or Panorama virtual appliances. This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.",2022-08-10 16:15:08.343,CISA
CVE-2022-0087,6.1,0.001,keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),2022-01-12 00:15:10.103,Nuclei
CVE-2022-0140,5.3,0.00818,"The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.",2022-04-12 12:15:08.183,Nuclei
CVE-2022-0147,6.1,0.001,"The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue",2022-03-14 15:15:09.417,Nuclei
CVE-2022-0148,5.4,0.00144,"The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.",2022-02-07 16:16:38.987,Nuclei
CVE-2022-0149,6.1,0.001,The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.,2022-02-07 16:16:39.337,Nuclei
CVE-2022-0150,6.1,0.001,"The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue",2022-02-28 09:15:08.843,Nuclei
CVE-2022-0165,6.1,0.001,The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users,2022-03-14 15:15:09.523,Nuclei
CVE-2022-0169,9.8,0.01067,"The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection",2022-03-14 15:15:09.570,Nuclei
CVE-2022-0189,6.1,0.001,"The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting",2022-02-28 09:15:08.893,Nuclei
CVE-2022-0201,6.1,0.001,"The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue",2022-02-14 12:15:16.373,Nuclei
CVE-2022-0206,6.1,0.00106,"The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues",2022-02-14 12:15:16.437,Nuclei
CVE-2022-0208,6.1,0.00106,"The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the ""Bad mapid"" error message, leading to a Reflected Cross-Site Scripting",2022-02-14 12:15:16.500,Nuclei
CVE-2022-0212,6.1,0.00086,"The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.",2022-02-14 12:15:16.550,Nuclei
CVE-2022-0218,6.1,0.03872,"The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site.",2022-02-04 23:15:12.357,Nuclei
CVE-2022-0220,6.1,0.00124,"The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an ""application/json"" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce)",2022-02-01 13:15:09.920,Nuclei
CVE-2022-0228,7.2,0.02638,"The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection",2022-02-21 11:15:09.420,Nuclei
CVE-2022-0234,6.1,0.001,"The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting",2022-02-21 11:15:09.473,Nuclei
CVE-2022-0271,6.1,0.00106,"The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting",2022-04-11 15:15:08.183,Nuclei
CVE-2022-0281,7.5,0.00415,Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.,2022-01-20 11:15:08.033,Nuclei
CVE-2022-0288,6.1,0.00106,"The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting",2022-02-21 11:15:09.680,Nuclei
CVE-2022-0342,9.8,0.08015,"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.",2022-03-28 13:15:07.747,Nuclei
CVE-2022-0346,6.1,0.00088,"The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.",2022-05-23 08:16:06.600,Nuclei
CVE-2022-0349,9.8,0.02414,"The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection",2022-03-07 09:15:09.143,Nuclei
CVE-2022-0378,5.4,0.001,Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.,2022-01-26 16:15:07.657,Nuclei
CVE-2022-0381,6.1,0.00218,"The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0.",2022-02-04 23:15:12.667,Nuclei
CVE-2022-0412,9.8,0.08522,"The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks",2022-02-28 09:15:09.290,Nuclei
CVE-2022-0415,8.8,0.11758,Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.,2022-03-21 11:15:10.757,Nuclei
CVE-2022-0422,6.1,0.001,"The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue",2022-03-07 09:15:09.407,Nuclei
CVE-2022-0424,5.3,0.01488,"The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users",2022-05-09 17:15:08.137,Nuclei
CVE-2022-0432,6.1,0.001,Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.,2022-02-02 22:15:07.503,Nuclei
CVE-2022-0434,9.8,0.04032,"The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks",2022-03-07 09:15:09.563,Nuclei
CVE-2022-0437,6.1,0.001,Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.,2022-02-05 02:15:06.780,Nuclei
CVE-2022-0441,9.8,0.2623,"The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin",2022-03-07 09:15:09.720,Metasploit/Nuclei
CVE-2022-0482,9.1,0.18188,Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.,2022-03-09 11:15:07.857,Nuclei
CVE-2022-0492,7.8,0.09515,"A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",2022-03-03 19:15:08.633,Metasploit
CVE-2022-0533,6.1,0.001,The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.,2022-03-07 09:15:09.933,Nuclei
CVE-2022-0535,4.8,0.00084,"The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed",2022-03-07 09:15:09.987,Nuclei
CVE-2022-0540,9.8,0.2282,"A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.",2022-04-20 19:15:07.680,Nuclei
CVE-2022-0543,10.0,0.97114,"It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.",2022-02-18 20:15:17.583,EPSS/CISA/Metasploit/Nuclei
CVE-2022-0591,9.1,0.03494,"The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users",2022-03-21 19:15:10.937,Nuclei
CVE-2022-0594,5.3,0.00188,"The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.",2022-07-25 13:15:08.030,Nuclei
CVE-2022-0595,5.4,0.00102,"The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue",2022-03-28 18:15:09.063,Nuclei
CVE-2022-0597,6.1,0.00115,Open Redirect in Packagist microweber/microweber prior to 1.2.11.,2022-02-15 14:15:08.120,Nuclei
CVE-2022-0599,6.1,0.00106,"The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.",2022-03-28 18:15:09.117,Nuclei
CVE-2022-0609,8.8,0.0419,Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-04-05 00:15:17.680,CISA
CVE-2022-0651,7.5,0.32625,"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.",2022-02-24 19:15:09.857,Nuclei
CVE-2022-0653,6.1,0.00206,The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.,2022-02-24 19:15:09.910,Nuclei
CVE-2022-0656,7.5,0.00658,"The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc)",2022-04-25 16:16:07.823,Nuclei
CVE-2022-0658,9.8,0.04032,"The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection",2022-03-14 15:15:10.240,Nuclei
CVE-2022-0660,7.5,0.00585,Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.,2022-02-18 11:15:08.017,Nuclei
CVE-2022-0666,7.5,0.02936,CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.,2022-02-18 15:15:07.653,Nuclei
CVE-2022-0678,6.1,0.00138,Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.,2022-02-19 11:15:08.027,Nuclei
CVE-2022-0679,9.8,0.03099,The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration.,2022-03-28 18:15:09.533,Nuclei
CVE-2022-0692,6.1,0.001,Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.,2022-02-21 13:15:15.503,Nuclei
CVE-2022-0693,9.8,0.02367,"The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection",2022-04-25 16:16:07.940,Nuclei
CVE-2022-0735,9.8,0.03278,"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.",2022-03-28 19:15:08.680,Nuclei
CVE-2022-0739,9.8,0.00583,"The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection",2022-03-21 19:15:11.447,Metasploit
CVE-2022-0747,9.8,0.02705,"The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection",2022-03-21 19:15:11.500,Nuclei
CVE-2022-0760,9.8,0.02705,"The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection",2022-03-21 19:15:11.557,Nuclei
CVE-2022-0769,9.8,0.02367,"The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.",2022-04-25 16:16:07.997,Nuclei
CVE-2022-0773,9.8,0.04032,"The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.",2022-05-02 16:15:08.517,Nuclei
CVE-2022-0776,6.1,0.001,Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.,2022-03-01 09:15:07.307,Nuclei
CVE-2022-0781,9.8,0.01278,"The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection",2022-05-23 08:16:06.670,Nuclei
CVE-2022-0784,9.8,0.04032,"The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection",2022-03-28 18:15:09.740,Nuclei
CVE-2022-0785,9.8,0.04032,"The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection",2022-04-18 18:15:08.527,Nuclei
CVE-2022-0786,9.8,0.04032,"The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users",2022-06-13 13:15:10.390,Nuclei
CVE-2022-0787,9.8,0.04032,"The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections",2022-03-28 18:15:09.790,Nuclei
CVE-2022-0788,9.8,0.04032,"The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users",2022-06-08 10:15:09.077,Nuclei
CVE-2022-0814,9.8,0.04032,"The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections",2022-05-09 17:15:08.303,Nuclei
CVE-2022-0817,9.8,0.04032,"The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users",2022-05-09 17:15:08.357,Nuclei
CVE-2022-0824,8.8,0.97183,Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.,2022-03-02 12:15:07.777,EPSS/Metasploit/Nuclei
CVE-2022-0826,9.8,0.04032,"The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users",2022-05-09 17:15:08.407,Nuclei
CVE-2022-0827,9.8,0.04032,"The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users",2022-06-13 13:15:10.457,Nuclei
CVE-2022-0846,9.8,0.04032,"The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users",2022-03-28 18:15:09.947,Nuclei
CVE-2022-0847,7.8,0.07584,"A flaw was found in the way the ""flags"" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",2022-03-10 17:44:57.283,CISA/Metasploit
CVE-2022-0864,6.1,0.00242,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.",2022-04-04 16:15:09.893,Nuclei
CVE-2022-0867,9.8,0.09183,The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users,2022-05-16 15:15:08.657,Nuclei
CVE-2022-0869,6.1,0.00115,Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.,2022-03-06 10:15:08.003,Nuclei
CVE-2022-0870,5.3,0.00146,Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.,2022-03-11 11:15:07.897,Nuclei
CVE-2022-0885,9.8,0.28394,"The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.",2022-06-13 13:15:10.577,Nuclei
CVE-2022-0899,6.1,0.00106,"The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.",2022-07-25 13:15:08.107,Nuclei
CVE-2022-0928,5.4,0.00144,Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.,2022-03-11 11:15:09.177,Nuclei
CVE-2022-0948,9.8,0.0412,"The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection",2022-05-09 17:15:08.620,Nuclei
CVE-2022-0949,9.8,0.04032,"The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection",2022-04-11 15:15:08.787,Nuclei
CVE-2022-0952,8.8,0.45286,"The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.",2022-05-02 16:15:08.637,Nuclei
CVE-2022-0954,5.4,0.00144,"Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.",2022-03-15 12:15:10.117,Nuclei
CVE-2022-0963,5.4,0.00144,Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.,2022-03-15 16:15:07.953,Nuclei
CVE-2022-0968,5.5,0.00076,"The microweber application allows large characters to insert in the input field ""fist & last name"" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber prior to 1.2.12.",2022-03-15 16:15:09.340,Nuclei
CVE-2022-0995,7.8,0.00053,"An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.",2022-03-25 19:15:10.520,Metasploit
CVE-2022-1007,6.1,0.001,"The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue",2022-04-11 15:15:08.977,Nuclei
CVE-2022-1013,9.8,0.0161,"The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.",2022-05-09 17:15:08.677,Nuclei
CVE-2022-1020,9.8,0.02834,"The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument",2022-04-18 18:15:08.740,Nuclei
CVE-2022-1040,9.8,0.9741,An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.,2022-03-25 12:15:07.750,EPSS/CISA/Nuclei
CVE-2022-1043,8.8,0.00152,"A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.",2022-08-29 15:15:10.243,Metasploit
CVE-2022-1054,5.3,0.00292,"The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events",2022-04-18 18:15:08.847,Nuclei
CVE-2022-1057,9.8,0.04043,"The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection",2022-07-11 13:15:08.307,Nuclei
CVE-2022-1058,6.1,0.001,Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.,2022-03-24 15:15:08.023,Nuclei
CVE-2022-1096,8.8,0.01397,Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-07-23 00:15:08.333,CISA
CVE-2022-1119,7.5,0.37939,"The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.",2022-04-19 21:15:13.810,Nuclei
CVE-2022-1162,9.8,0.30995,"A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts",2022-04-04 20:15:09.943,Nuclei
CVE-2022-1168,6.1,0.001,There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.,2022-04-04 16:15:11.007,Nuclei
CVE-2022-1170,6.1,0.001,In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.,2022-04-04 16:15:11.280,Nuclei
CVE-2022-1221,6.1,0.00106,"The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.",2022-05-23 08:16:06.957,Nuclei
CVE-2022-1329,8.8,0.95991,"The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.",2022-04-19 21:15:13.987,EPSS/Metasploit/Nuclei
CVE-2022-1364,8.8,0.02049,Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-07-26 22:15:09.147,CISA
CVE-2022-1386,9.8,0.22187,"The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.",2022-05-16 15:15:09.310,Nuclei
CVE-2022-1388,9.8,0.9748,"On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",2022-05-05 17:15:10.570,EPSS/CISA/Metasploit/Nuclei
CVE-2022-1390,9.8,0.96052,"The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique",2022-04-25 16:16:08.720,EPSS/Nuclei
CVE-2022-1391,9.8,0.03037,"The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.",2022-04-25 16:16:08.787,Nuclei
CVE-2022-1392,7.5,0.01514,"The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues",2022-04-25 16:16:08.840,Nuclei
CVE-2022-1398,6.5,0.00496,"The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks",2022-05-16 15:15:09.413,Nuclei
CVE-2022-1439,6.1,0.001,"Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press ""tab"" but there is probably a paylaod that runs without user interaction.",2022-04-22 17:15:07.973,Nuclei
CVE-2022-1442,7.5,0.03348,"The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.",2022-05-10 20:15:08.473,Nuclei
CVE-2022-1471,9.8,0.02152,"SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
",2022-12-01 11:15:10.553,Metasploit
CVE-2022-1574,9.8,0.05047,"The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server",2022-06-27 09:15:09.227,Nuclei
CVE-2022-1580,4.3,0.00069,The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.,2022-09-19 14:15:10.590,Nuclei
CVE-2022-1595,5.3,0.0016,The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request,2022-06-13 13:15:11.200,Nuclei
CVE-2022-1597,6.1,0.00188,"The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks",2022-06-08 10:15:09.897,Nuclei
CVE-2022-1598,5.3,0.01171,"The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.",2022-06-08 10:15:09.953,Nuclei
CVE-2022-1609,9.8,0.12695,"The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.",2024-01-16 16:15:09.530,Nuclei
CVE-2022-1713,7.5,0.02483,SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.,2022-05-16 15:15:10.180,Nuclei
CVE-2022-1724,6.1,0.00106,"The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting",2022-06-13 13:15:11.933,Nuclei
CVE-2022-1756,6.1,0.00088,"The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.",2022-06-13 13:15:11.987,Nuclei
CVE-2022-1768,7.5,0.10537,"The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. 

Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.",2022-06-13 14:15:08.703,Nuclei
CVE-2022-1815,7.5,0.02239,Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.,2022-05-25 09:15:07.957,Nuclei
CVE-2022-1883,8.8,0.08142,SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.,2022-05-25 09:15:08.110,Nuclei
CVE-2022-1903,8.1,0.70044,"The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username",2022-06-27 09:15:10.070,Nuclei
CVE-2022-1904,6.1,0.00086,"The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting",2022-06-27 09:15:10.123,Nuclei
CVE-2022-1906,6.1,0.00086,"The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.",2022-08-01 13:15:09.993,Nuclei
CVE-2022-1910,6.1,0.00106,"The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting",2022-07-11 13:15:08.803,Nuclei
CVE-2022-1916,6.1,0.00086,"The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting",2022-06-27 09:15:10.283,Nuclei
CVE-2022-1933,6.1,0.00086,"The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting",2022-07-17 11:15:08.503,Nuclei
CVE-2022-1937,6.1,0.00086,"The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting",2022-07-11 13:15:08.853,Nuclei
CVE-2022-1946,6.1,0.00086,"The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue",2022-07-04 13:15:08.747,Nuclei
CVE-2022-1952,9.8,0.73109,"The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.",2022-07-11 13:15:09.007,Nuclei
CVE-2022-2034,5.3,0.00506,"The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers",2022-08-29 18:15:09.027,Nuclei
CVE-2022-20699,9.8,0.96324,"Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",2022-02-10 18:15:08.980,EPSS/CISA/Metasploit
CVE-2022-20700,9.8,0.00571,"Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",2022-02-10 18:15:09.033,CISA
CVE-2022-20701,7.8,0.00209,"Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",2022-02-10 18:15:09.087,CISA
CVE-2022-20703,8.4,0.01039,"Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",2022-02-10 18:15:09.197,CISA
CVE-2022-20705,9.8,0.09926,"Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",2022-02-10 18:15:09.307,Metasploit
CVE-2022-20707,7.3,0.08232,"Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",2022-02-10 18:15:09.413,Metasploit
CVE-2022-20708,9.8,0.01444,"Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.",2022-02-10 18:15:09.467,CISA
CVE-2022-20821,6.5,0.00367,"A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.",2022-05-26 14:15:08.123,CISA
CVE-2022-20828,7.2,0.13678,"A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.",2022-06-24 16:15:08.523,Metasploit
CVE-2022-21371,7.5,0.96449,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",2022-01-19 12:15:16.047,EPSS/Nuclei
CVE-2022-2143,9.8,0.20431,"The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.",2022-07-22 15:15:08.463,Metasploit
CVE-2022-21500,7.5,0.93111,"Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. <br> <br>Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",2022-05-20 00:15:07.793,Nuclei
CVE-2022-21587,9.8,0.97416,"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2022-10-18 21:15:10.960,EPSS/CISA/Metasploit/Nuclei
CVE-2022-21661,7.5,0.93422,"WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.",2022-01-06 23:15:07.933,Nuclei
CVE-2022-21705,7.2,0.00522,"Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.",2022-02-23 19:15:08.583,Nuclei
CVE-2022-2174,6.1,0.001,Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.,2022-06-22 12:15:08.130,Nuclei
CVE-2022-2185,8.8,0.49688,"A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.",2022-07-01 16:15:08.093,Nuclei
CVE-2022-2187,6.1,0.00106,"The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers",2022-07-17 11:15:09.403,Nuclei
CVE-2022-21882,7.8,0.00113,Win32k Elevation of Privilege Vulnerability,2022-01-11 21:15:11.507,CISA/Metasploit
CVE-2022-21919,7.0,0.00202,Windows User Profile Service Elevation of Privilege Vulnerability,2022-01-11 21:15:13.463,CISA
CVE-2022-21971,7.8,0.34266,Windows Runtime Remote Code Execution Vulnerability,2022-02-09 17:15:08.640,CISA
CVE-2022-21999,7.8,0.00101,Windows Print Spooler Elevation of Privilege Vulnerability,2022-02-09 17:15:09.563,CISA/Metasploit
CVE-2022-22047,7.8,0.00056,Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability,2022-07-12 23:15:10.343,CISA
CVE-2022-22071,7.8,0.00114,"Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",2022-06-14 10:15:19.003,CISA
CVE-2022-2219,7.2,0.00159,"The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting",2022-07-25 13:15:08.460,Nuclei
CVE-2022-22242,6.1,0.43644,"A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.",2022-10-18 03:15:11.033,Nuclei
CVE-2022-22265,7.8,0.00069,An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.,2022-01-10 14:12:35.837,CISA
CVE-2022-22536,10.0,0.96509,"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

",2022-02-09 23:15:18.620,EPSS/CISA/Nuclei
CVE-2022-22587,9.8,0.00263,"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",2022-03-18 18:15:12.480,CISA
CVE-2022-22616,5.5,0.00056,"This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.",2022-05-26 18:15:08.867,Metasploit
CVE-2022-22620,8.8,0.00243,"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",2022-03-18 18:15:13.787,CISA
CVE-2022-22674,5.5,0.00062,"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.",2022-05-26 18:15:09.107,CISA
CVE-2022-22675,7.8,0.0014,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",2022-05-26 18:15:09.153,CISA
CVE-2022-22706,7.8,0.71247,"Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.",2022-03-03 15:15:08.610,CISA
CVE-2022-22718,7.8,0.00343,Windows Print Spooler Elevation of Privilege Vulnerability,2022-02-09 17:15:10.280,CISA
CVE-2022-22733,6.5,0.1983,Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.,2022-01-20 11:15:08.100,Nuclei
CVE-2022-22897,9.8,0.08469,A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.,2022-08-29 06:15:08.617,Nuclei
CVE-2022-2290,6.1,0.001,"Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.",2022-07-03 06:15:07.123,Nuclei
CVE-2022-2294,8.8,0.01152,Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-07-28 02:15:07.797,CISA
CVE-2022-22942,7.8,0.00072,The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.,2023-12-13 09:15:33.890,Metasploit
CVE-2022-22947,10.0,0.97481,"In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.",2022-03-03 22:15:08.673,EPSS/CISA/Metasploit/Nuclei
CVE-2022-22948,6.5,0.01187,The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.,2022-03-29 18:15:08.040,Metasploit
CVE-2022-22954,9.8,0.9737,VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.,2022-04-11 20:15:19.890,EPSS/CISA/Metasploit/Nuclei
CVE-2022-22956,9.8,0.00205,VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.,2022-04-13 18:15:12.970,Metasploit
CVE-2022-22957,7.2,0.01956,"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.",2022-04-13 18:15:13.087,Metasploit
CVE-2022-22960,7.8,0.00078,"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.",2022-04-13 18:15:13.510,CISA/Metasploit
CVE-2022-22963,9.8,0.97514,"In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.",2022-04-01 23:15:13.663,EPSS/CISA/Metasploit/Nuclei
CVE-2022-22965,9.8,0.97478,"A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",2022-04-01 23:15:13.870,EPSS/CISA/Metasploit/Nuclei
CVE-2022-22972,9.8,0.57357,"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.",2022-05-20 21:15:09.847,Nuclei
CVE-2022-23102,6.1,0.00341,A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.,2022-02-09 16:15:15.617,Nuclei
CVE-2022-23131,9.8,0.96978,"In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).",2022-01-13 16:15:08.053,EPSS/CISA/Nuclei
CVE-2022-23134,5.3,0.6298,"After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.",2022-01-13 16:15:08.227,CISA/Nuclei
CVE-2022-2314,9.8,0.31857,The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.,2022-08-15 11:21:21.393,Nuclei
CVE-2022-23176,8.8,0.01564,"WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3.",2022-02-24 15:15:28.447,CISA
CVE-2022-23178,9.8,0.03956,"An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.",2022-01-15 15:17:30.597,Nuclei
CVE-2022-23277,8.8,0.01439,Microsoft Exchange Server Remote Code Execution Vulnerability,2022-03-09 17:15:11.113,Metasploit
CVE-2022-23347,7.5,0.10697,BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.,2022-03-21 20:15:13.743,Nuclei
CVE-2022-23348,5.3,0.00396,BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.,2022-03-21 20:15:13.787,Nuclei
CVE-2022-23544,6.1,0.00111,"MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.",2022-12-28 00:15:13.567,Nuclei
CVE-2022-23642,8.8,0.93476,"Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.",2022-02-18 23:15:09.697,Metasploit
CVE-2022-2373,5.3,0.00292,"The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address",2022-08-29 18:15:09.367,Nuclei
CVE-2022-2376,5.3,0.03672,The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users,2022-09-05 13:15:08.277,Nuclei
CVE-2022-23779,5.3,0.00636,Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.,2022-03-02 15:15:08.037,Nuclei
CVE-2022-2379,7.5,0.02846,"The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc",2022-08-15 11:21:23.480,Nuclei
CVE-2022-23808,6.1,0.00808,"An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.",2022-01-22 02:15:07.197,Nuclei
CVE-2022-2383,6.1,0.00106,"The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting",2022-08-22 15:15:14.847,Nuclei
CVE-2022-23854,7.5,0.77023,"
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. 

",2022-12-23 21:15:09.097,Nuclei
CVE-2022-23881,9.8,0.16616,ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php.,2022-03-23 21:15:07.980,Nuclei
CVE-2022-23898,9.8,0.0161,MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.,2022-03-03 19:15:08.777,Nuclei
CVE-2022-23944,9.1,0.25675,User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.,2022-01-25 13:15:08.183,Nuclei
CVE-2022-24086,9.8,0.22602,Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.,2022-02-16 17:15:13.307,CISA
CVE-2022-24112,9.8,0.97411,"An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.",2022-02-11 13:15:08.073,EPSS/CISA/Metasploit/Nuclei
CVE-2022-24124,7.5,0.08991,"The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.",2022-01-29 23:15:07.540,Nuclei
CVE-2022-24129,8.2,0.00602,The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.,2022-02-04 20:15:08.657,Nuclei
CVE-2022-2414,7.5,0.03884,Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.,2022-07-29 19:15:08.477,Nuclei
CVE-2022-24181,6.1,0.00241,Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.,2022-04-01 12:15:07.853,Nuclei
CVE-2022-24223,9.8,0.33986,AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.,2022-02-01 19:15:07.840,Nuclei
CVE-2022-24260,9.8,0.22176,A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.,2022-02-04 17:15:07.957,Nuclei
CVE-2022-24264,7.5,0.11196,Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.,2022-01-31 22:15:07.777,Nuclei
CVE-2022-24265,7.5,0.11196,Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.,2022-01-31 22:15:07.827,Nuclei
CVE-2022-24266,7.5,0.07762,Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.,2022-01-31 22:15:07.880,Nuclei
CVE-2022-24288,8.8,0.94883,"In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.",2022-02-25 09:15:06.957,Nuclei
CVE-2022-24384,6.1,0.00084,Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.,2022-03-14 13:15:07.770,Nuclei
CVE-2022-24521,7.8,0.00044,Windows Common Log File System Driver Elevation of Privilege Vulnerability,2022-04-15 19:15:11.107,CISA
CVE-2022-2462,5.3,0.02514,"The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.",2022-09-06 18:15:13.950,Nuclei
CVE-2022-24627,9.8,0.01538,An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.,2023-05-29 21:15:09.423,Nuclei
CVE-2022-24637,9.8,0.89373,"Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended ""<?php sequence) aren't handled by the PHP interpreter.",2022-03-18 16:15:08.450,Metasploit
CVE-2022-2467,9.8,0.03948,A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,2022-07-19 10:15:08.173,Nuclei
CVE-2022-24681,6.1,0.00155,"Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.",2022-04-07 22:15:07.807,Nuclei
CVE-2022-24682,6.1,0.01933,"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.",2022-02-09 04:15:07.400,CISA
CVE-2022-24706,9.8,0.97472,"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.",2022-04-26 10:15:35.083,EPSS/CISA/Metasploit/Nuclei
CVE-2022-24716,7.5,0.24959,"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.",2022-03-08 20:15:07.853,Metasploit/Nuclei
CVE-2022-24734,7.2,0.25943,"MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.",2022-03-09 22:15:09.363,Metasploit
CVE-2022-24816,9.8,0.8217,"JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath.",2022-04-13 21:15:07.683,Nuclei
CVE-2022-24856,7.5,0.08179,"FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. The patch for this issue deletes the entire `cors_proxy`, as this is not required for console anymore. A patch is available in FlyteConsole version 0.52.0. Disable FlyteConsole availability on the internet as a workaround.",2022-05-17 16:15:09.157,Nuclei
CVE-2022-2486,9.8,0.97331,"A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used.",2022-07-20 12:15:08.197,EPSS/Nuclei
CVE-2022-2487,9.8,0.97409,A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.,2022-07-20 12:15:08.367,EPSS/Nuclei
CVE-2022-2488,9.8,0.97398,A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.,2022-07-20 12:15:08.477,EPSS/Nuclei
CVE-2022-24899,6.1,0.00342,Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.,2022-05-06 00:15:07.757,Nuclei
CVE-2022-24900,8.6,0.00927,"Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the ""malicious"" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls.",2022-04-29 14:15:11.377,Nuclei
CVE-2022-24989,9.8,0.00324,TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.,2023-08-20 18:15:09.523,Metasploit
CVE-2022-24990,7.5,0.96033,"TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending ""User-Agent: TNAS"" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.",2023-02-07 18:15:09.100,EPSS/CISA/Metasploit/Nuclei
CVE-2022-25082,9.8,0.0417,"TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the ""Main"" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.",2022-02-24 15:15:30.493,Nuclei
CVE-2022-25125,9.8,0.0161,MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.,2022-03-03 19:15:08.913,Nuclei
CVE-2022-25148,9.8,0.50788,"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.",2022-02-24 19:15:10.400,Nuclei
CVE-2022-25149,7.5,0.32625,"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.",2022-02-24 19:15:10.453,Nuclei
CVE-2022-25216,7.5,0.0152,"An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.",2022-03-11 18:15:40.160,Nuclei
CVE-2022-25323,6.1,0.00115,ZEROF Web Server 2.0 allows /admin.back XSS.,2022-02-18 17:15:08.500,Nuclei
CVE-2022-2535,5.3,0.00198,"The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink",2022-08-15 11:21:28.740,Nuclei
CVE-2022-25356,5.3,0.00425,Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.,2022-04-05 02:15:07.317,Nuclei
CVE-2022-2544,7.5,0.01123,"The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.",2022-08-22 15:15:15.263,Nuclei
CVE-2022-2546,4.7,0.00252,"The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key",2023-02-02 09:15:08.403,Nuclei
CVE-2022-25481,7.5,0.01261,ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.,2022-03-21 00:15:07.713,Nuclei
CVE-2022-25485,7.8,0.00648,CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.,2022-03-15 18:15:12.047,Nuclei
CVE-2022-25486,7.8,0.01525,CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.,2022-03-15 18:15:12.230,Nuclei
CVE-2022-25487,9.8,0.77771,Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.,2022-03-15 18:15:12.287,Nuclei
CVE-2022-25488,9.8,0.0161,Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.,2022-03-15 18:15:12.343,Nuclei
CVE-2022-25489,5.4,0.00134,"Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ""A"" parameter in /widgets/debug.php.",2022-03-15 18:15:12.430,Nuclei
CVE-2022-25497,5.3,0.00508,CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.,2022-03-15 18:15:12.920,Nuclei
CVE-2022-2551,7.5,0.66448,"The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.",2022-08-22 15:15:15.317,Nuclei
CVE-2022-25568,7.5,0.01501,"MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.",2022-03-24 17:15:08.410,Nuclei
CVE-2022-2599,6.1,0.00106,"The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting",2022-08-29 18:15:09.690,Nuclei
CVE-2022-26134,9.8,0.975,"In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.",2022-06-03 22:15:07.717,EPSS/CISA/Metasploit/Nuclei
CVE-2022-26138,9.8,0.97245,"The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.",2022-07-20 18:15:08.617,EPSS/CISA/Nuclei
CVE-2022-26143,9.8,0.05917,The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.,2022-03-10 17:47:32.813,CISA
CVE-2022-26148,9.8,0.15727,"An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.",2022-03-21 20:15:14.030,Nuclei
CVE-2022-26159,5.3,0.00606,"The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.",2022-02-28 04:15:07.123,Nuclei
CVE-2022-26233,7.5,0.00628,"Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the ""GET /..\.."" substring.",2022-04-03 23:15:08.060,Nuclei
CVE-2022-26258,9.8,0.45615,D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.,2022-03-28 00:15:07.813,CISA
CVE-2022-26263,6.1,0.00147,Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.,2022-03-25 17:15:08.800,Nuclei
CVE-2022-2627,6.1,0.00106,"The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.",2022-10-31 16:15:10.827,Nuclei
CVE-2022-26318,9.8,0.8417,"On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.",2022-03-04 18:15:08.367,CISA/Metasploit
CVE-2022-2633,8.2,0.03214,"The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.",2022-09-06 18:15:14.503,Nuclei
CVE-2022-26352,9.8,0.97448,"An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.",2022-07-17 22:15:08.787,EPSS/CISA/Metasploit/Nuclei
CVE-2022-26485,8.8,0.01016,"Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.",2022-12-22 20:15:22.563,CISA
CVE-2022-26486,9.6,0.0032,"An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.",2022-12-22 20:15:22.797,CISA
CVE-2022-26500,8.8,0.03427,"Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.",2022-03-17 21:15:08.193,CISA
CVE-2022-26501,9.8,0.08304,Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).,2022-03-17 21:15:08.233,CISA
CVE-2022-26564,6.1,0.00097,HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.,2022-04-26 23:15:44.480,Nuclei
CVE-2022-26833,9.4,0.0166,An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.,2022-05-25 21:15:08.250,Nuclei
CVE-2022-26871,9.8,0.15835,An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.,2022-03-29 21:15:07.760,CISA
CVE-2022-26904,7.0,0.00102,Windows User Profile Service Elevation of Privilege Vulnerability,2022-04-15 19:15:15.027,CISA/Metasploit
CVE-2022-26923,8.8,0.0707,Active Directory Domain Services Elevation of Privilege Vulnerability,2022-05-10 21:15:10.133,CISA/Metasploit
CVE-2022-26925,5.9,0.89699,Windows LSA Spoofing Vulnerability,2022-05-10 21:15:10.187,CISA
CVE-2022-26960,9.1,0.86035,"connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.",2022-03-21 17:15:07.740,Nuclei
CVE-2022-2733,6.1,0.00173,Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.,2022-08-09 12:15:08.417,Nuclei
CVE-2022-27518,9.8,0.23924,"Unauthenticated remote arbitrary code execution
",2022-12-13 17:15:14.350,CISA
CVE-2022-2756,6.5,0.01581,Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.,2022-08-10 16:15:08.423,Nuclei
CVE-2022-27593,9.1,0.57075,"An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later",2022-09-08 11:15:19.503,CISA/Nuclei
CVE-2022-27849,7.5,0.00504,Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115,2022-04-15 17:15:08.773,Nuclei
CVE-2022-27924,7.5,0.09665,"Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.",2022-04-21 00:15:08.360,CISA
CVE-2022-27925,7.2,0.94758,"Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.",2022-04-21 00:15:08.407,CISA/Metasploit
CVE-2022-27926,6.1,0.96153,A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.,2022-04-21 00:15:08.450,EPSS/CISA/Nuclei
CVE-2022-27927,9.8,0.28529,A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.,2022-04-19 13:15:08.483,Nuclei
CVE-2022-27984,9.8,0.02079,CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.,2022-04-26 14:15:41.557,Nuclei
CVE-2022-27985,9.8,0.01859,CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.,2022-04-26 14:15:41.763,Nuclei
CVE-2022-28022,9.8,0.0161,Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.,2022-04-21 20:15:09.697,Nuclei
CVE-2022-28023,9.8,0.0161,Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.,2022-04-21 20:15:09.737,Nuclei
CVE-2022-28032,9.8,0.0161,AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php,2022-04-12 16:15:09.207,Nuclei
CVE-2022-28079,8.8,0.59649,College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.,2022-05-05 17:15:13.917,Nuclei
CVE-2022-28080,8.8,0.01564,Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.,2022-05-05 17:15:13.960,Nuclei
CVE-2022-28117,4.9,0.04469,A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.,2022-04-28 15:15:10.143,Nuclei
CVE-2022-28219,9.8,0.9745,Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.,2022-04-05 19:15:08.360,EPSS/Metasploit/Nuclei
CVE-2022-28290,6.1,0.00088,Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request,2022-04-25 17:15:36.957,Nuclei
CVE-2022-28363,6.1,0.00336,Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.,2022-04-09 17:15:07.907,Nuclei
CVE-2022-28365,5.3,0.05306,"Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.",2022-04-09 17:15:08.013,Nuclei
CVE-2022-28381,9.8,0.73206,"Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.",2022-04-03 19:15:07.947,Metasploit
CVE-2022-2856,6.5,0.00525,Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.,2022-09-26 16:15:11.207,CISA
CVE-2022-2863,4.9,0.35211,"The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack",2022-09-16 09:15:11.077,Nuclei
CVE-2022-28810,6.8,0.92092,"Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.",2022-04-18 13:15:08.233,CISA/Metasploit
CVE-2022-28923,6.1,0.00337,Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.,2023-02-06 23:15:09.637,Nuclei
CVE-2022-28955,7.5,0.02532,An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.,2022-05-18 12:15:08.010,Nuclei
CVE-2022-29004,6.1,0.00254,Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.,2022-05-23 16:16:07.693,Nuclei
CVE-2022-29005,6.1,0.00205,Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.,2022-05-23 16:16:07.737,Nuclei
CVE-2022-29006,9.8,0.1338,Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.,2022-05-11 14:15:07.947,Nuclei
CVE-2022-29007,9.8,0.1338,Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.,2022-05-11 14:15:07.987,Nuclei
CVE-2022-29009,9.8,0.1338,Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.,2022-05-11 14:15:08.073,Nuclei
CVE-2022-29013,9.8,0.86058,A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.,2022-06-09 00:15:08.017,Nuclei
CVE-2022-29014,7.5,0.79802,A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.,2022-06-09 00:15:08.063,Nuclei
CVE-2022-29078,9.8,0.28707,"The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).",2022-04-25 15:15:49.887,Nuclei
CVE-2022-29153,7.5,0.02019,"HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.",2022-04-19 16:17:10.493,Nuclei
CVE-2022-29272,6.1,0.00239,"In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.",2022-06-29 01:15:07.550,Nuclei
CVE-2022-29298,7.5,0.1374,SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.,2022-05-12 16:15:07.510,Nuclei
CVE-2022-29299,0.0,0.00175,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage,2022-06-23 17:15:12.667,Nuclei
CVE-2022-29301,0.0,0.00175,Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage,2022-06-23 17:15:12.707,Nuclei
CVE-2022-29303,9.8,0.96578,SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.,2022-05-12 16:15:07.600,EPSS/CISA/Nuclei
CVE-2022-29349,6.1,0.00314,kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.,2022-05-25 01:15:07.113,Nuclei
CVE-2022-29383,9.8,0.32425,NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.,2022-05-13 13:15:07.737,Nuclei
CVE-2022-29455,6.1,0.0019,DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.,2022-06-13 17:15:10.100,Nuclei
CVE-2022-29464,9.8,0.9734,"Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.",2022-04-18 22:15:09.027,EPSS/CISA/Metasploit/Nuclei
CVE-2022-29499,9.8,0.03585,"The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.",2022-04-26 02:15:37.107,CISA
CVE-2022-29548,6.1,0.01901,"A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.",2022-04-21 02:15:06.800,Nuclei
CVE-2022-29775,9.8,0.01197,iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.,2022-06-21 14:15:08.197,Nuclei
CVE-2022-29806,9.8,0.38968,ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.,2022-04-26 04:15:42.487,Metasploit
CVE-2022-29845,6.5,0.00048,"In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.",2022-05-11 18:15:29.020,Metasploit
CVE-2022-29846,5.3,0.00062,"In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.",2022-05-11 18:15:29.057,Metasploit
CVE-2022-29847,7.5,0.00104,"In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.",2022-05-11 18:15:29.097,Metasploit
CVE-2022-29848,6.5,0.00048,"In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.",2022-05-11 18:15:29.133,Metasploit
CVE-2022-2992,9.9,0.02847,"A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.",2022-10-17 16:15:21.640,Metasploit
CVE-2022-30073,5.4,0.00205,WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.,2022-05-17 16:15:09.267,Nuclei
CVE-2022-30190,7.8,0.96632,"A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
",2022-06-01 20:15:07.983,EPSS/CISA/Metasploit
CVE-2022-30333,7.5,0.92674,"RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.",2022-05-09 08:15:06.937,CISA
CVE-2022-3038,8.8,0.04963,Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.,2022-09-26 16:15:11.793,CISA
CVE-2022-30489,6.1,0.00102,WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.,2022-05-13 13:15:08.067,Nuclei
CVE-2022-30512,9.8,0.11597,School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.,2022-06-02 14:15:53.657,Nuclei
CVE-2022-30513,6.1,0.00112,School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125,2022-06-02 14:15:53.727,Nuclei
CVE-2022-30514,6.1,0.00112,School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.,2022-06-02 14:15:53.810,Nuclei
CVE-2022-30525,9.8,0.97456,"A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.",2022-05-12 14:15:07.053,EPSS/CISA/Metasploit/Nuclei
CVE-2022-30526,7.8,0.00118,"A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.",2022-07-19 06:15:08.827,Metasploit
CVE-2022-3062,6.1,0.00106,"The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting",2022-09-26 13:15:10.833,Nuclei
CVE-2022-3075,9.6,0.00996,Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.,2022-09-26 16:15:13.463,CISA
CVE-2022-30776,6.1,0.00112,atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.,2022-05-16 14:15:08.147,Nuclei
CVE-2022-30777,6.1,0.00087,Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.,2022-05-16 14:15:08.187,Nuclei
CVE-2022-30781,7.5,0.81031,Gitea before 1.16.7 does not escape git fetch remote.,2022-05-16 04:15:13.343,Metasploit
CVE-2022-31126,9.8,0.83974,"Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.",2022-07-06 18:15:19.433,Nuclei
CVE-2022-31137,9.8,0.94886,"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2022-07-08 20:15:07.980,Metasploit
CVE-2022-31199,9.8,0.4738,"Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.",2022-11-08 01:15:09.767,CISA
CVE-2022-31268,7.5,0.00773,"A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).",2022-05-21 21:15:52.057,Nuclei
CVE-2022-31269,8.2,0.00284,Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.),2022-08-25 22:15:08.547,Nuclei
CVE-2022-31299,6.1,0.00243,Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.,2022-06-16 22:15:07.983,Nuclei
CVE-2022-31373,6.1,0.00088,SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.,2022-06-21 13:15:08.340,Nuclei
CVE-2022-3142,8.8,0.00376,"The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.",2022-09-19 14:15:11.357,Nuclei
CVE-2022-31474,7.5,0.01504,"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.

",2023-03-13 14:15:12.507,Nuclei
CVE-2022-31499,9.8,0.77331,Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.,2022-08-25 23:15:08.177,Nuclei
CVE-2022-31656,9.8,0.64132,"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.",2022-08-05 16:15:12.610,Nuclei
CVE-2022-31660,7.8,0.00117,"VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.",2022-08-05 16:15:12.777,Metasploit
CVE-2022-31704,9.8,0.00431,The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.,2023-01-26 21:15:37.320,Metasploit
CVE-2022-31706,9.8,0.00728,"The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.",2023-01-26 21:15:37.610,Metasploit
CVE-2022-31711,5.3,0.00132,VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.,2023-01-26 21:15:38.270,Metasploit
CVE-2022-31793,7.5,0.30308,"do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.",2022-08-04 22:15:08.017,Nuclei
CVE-2022-31798,6.1,0.00126,Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.,2022-08-25 23:15:08.217,Nuclei
CVE-2022-31814,9.8,0.97141,pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.,2022-09-05 16:15:08.500,EPSS/Metasploit/Nuclei
CVE-2022-31845,7.5,0.00874,A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.,2022-06-14 14:15:08.130,Nuclei
CVE-2022-31846,7.5,0.00874,A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.,2022-06-14 14:15:08.177,Nuclei
CVE-2022-31847,7.5,0.01261,A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.,2022-06-14 14:15:08.220,Nuclei
CVE-2022-31854,7.2,0.27127,Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.,2022-07-07 13:15:08.223,Nuclei
CVE-2022-31974,7.2,0.01128,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.,2022-06-02 14:15:59.783,Nuclei
CVE-2022-31975,7.2,0.01128,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.,2022-06-02 14:15:59.827,Nuclei
CVE-2022-31976,9.8,0.0161,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.,2022-06-02 14:15:59.870,Nuclei
CVE-2022-31977,9.8,0.0161,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.,2022-06-02 14:15:59.913,Nuclei
CVE-2022-31978,9.8,0.0161,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.,2022-06-02 14:15:59.957,Nuclei
CVE-2022-31980,7.2,0.01128,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.,2022-06-02 14:16:00.003,Nuclei
CVE-2022-31981,7.2,0.01128,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.,2022-06-02 14:16:00.050,Nuclei
CVE-2022-31982,7.2,0.01128,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.,2022-06-02 14:16:00.093,Nuclei
CVE-2022-31983,7.2,0.10363,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.,2022-06-02 14:16:00.133,Nuclei
CVE-2022-31984,7.2,0.01128,Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.,2022-06-02 14:16:00.177,Nuclei
CVE-2022-32007,7.2,0.01128,Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.,2022-06-02 16:15:08.610,Nuclei
CVE-2022-32015,7.2,0.01128,Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.,2022-06-02 16:15:08.923,Nuclei
CVE-2022-32018,7.2,0.01128,Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.,2022-06-02 16:15:09.057,Nuclei
CVE-2022-32022,7.2,0.01214,Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.,2022-06-02 16:15:09.193,Nuclei
CVE-2022-32024,7.2,0.01128,Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=.,2022-06-02 16:15:09.237,Nuclei
CVE-2022-32025,7.2,0.01128,Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.,2022-06-02 16:15:09.280,Nuclei
CVE-2022-32026,7.2,0.01128,Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.,2022-06-02 16:15:09.323,Nuclei
CVE-2022-32028,7.2,0.01128,Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.,2022-06-02 16:15:09.413,Nuclei
CVE-2022-32094,9.8,0.02266,Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.,2022-07-01 21:15:08.233,Nuclei
CVE-2022-3218,9.8,0.91907,"Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.",2022-09-19 17:15:14.630,Metasploit
CVE-2022-32195,6.1,0.00112,"Open edX platform before 2022-06-06 allows XSS via the ""next"" parameter in the logout URL.",2022-06-09 04:15:11.277,Nuclei
CVE-2022-3229,9.8,0.02378,"Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.",2023-02-06 23:15:09.713,Metasploit
CVE-2022-3236,9.8,0.12788,A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.,2022-09-23 13:15:10.327,CISA
CVE-2022-32409,9.8,0.47251,A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.,2022-07-14 22:15:08.597,Nuclei
CVE-2022-3242,6.1,0.01785,Code Injection in GitHub repository microweber/microweber prior to 1.3.2.,2022-09-20 11:15:09.480,Nuclei
CVE-2022-32429,9.8,0.10566,"An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.",2022-08-10 20:15:48.233,Nuclei
CVE-2022-32430,7.5,0.01571,An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.,2022-07-21 16:15:09.207,Nuclei
CVE-2022-32444,6.1,0.00148,An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.,2022-06-17 16:15:08.710,Nuclei
CVE-2022-32770,6.1,0.00136,"A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the ""toast"" parameter which is inserted into the document with insufficient sanitization.",2022-08-22 19:15:10.470,Nuclei
CVE-2022-32771,6.1,0.00074,"A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the ""success"" parameter which is inserted into the document with insufficient sanitization.",2022-08-22 19:15:10.537,Nuclei
CVE-2022-32772,6.1,0.00074,"A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the ""msg"" parameter which is inserted into the document with insufficient sanitization.",2022-08-22 19:15:10.603,Nuclei
CVE-2022-32893,8.8,0.00537,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2022-08-24 20:15:09.147,CISA
CVE-2022-32894,7.8,0.00149,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.",2022-08-24 20:15:09.193,CISA
CVE-2022-32917,7.8,0.00062,"The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",2022-09-20 21:15:11.200,CISA
CVE-2022-33119,6.1,0.00314,NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.,2022-06-21 13:15:08.487,Nuclei
CVE-2022-33174,7.5,0.00844,"Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.",2022-06-13 18:15:10.230,Nuclei
CVE-2022-3358,7.5,0.0011,"OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).",2022-10-11 15:15:10.233,Metasploit
CVE-2022-33891,8.8,0.97172,"The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.",2022-07-18 07:15:07.600,EPSS/CISA/Metasploit/Nuclei
CVE-2022-33901,7.5,0.00758,Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.,2022-07-22 17:15:08.850,Nuclei
CVE-2022-33965,9.8,0.01692,Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.,2022-07-25 15:15:09.533,Nuclei
CVE-2022-34045,9.8,0.05662,Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh.,2022-07-20 17:15:08.483,Nuclei
CVE-2022-34046,7.5,0.14292,An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].,2022-07-20 17:15:08.527,Nuclei
CVE-2022-34047,7.5,0.14292,An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].,2022-07-20 17:15:08.570,Nuclei
CVE-2022-34048,6.1,0.00146,Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.,2022-07-20 17:15:08.617,Nuclei
CVE-2022-34049,5.3,0.25269,An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data.,2022-07-20 17:15:08.670,Nuclei
CVE-2022-34093,6.1,0.00258,Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.,2022-07-14 22:15:09.037,Nuclei
CVE-2022-34094,6.1,0.00258,Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.,2022-07-14 22:15:09.083,Nuclei
CVE-2022-34121,7.5,0.63131,Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.,2022-07-27 18:15:09.313,Nuclei
CVE-2022-34328,6.1,0.00088,PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.,2022-06-23 17:15:18.703,Nuclei
CVE-2022-34534,7.5,0.00764,Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call.,2022-07-19 20:15:11.433,Nuclei
CVE-2022-34576,7.5,0.03075,A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.,2022-07-25 22:15:08.670,Nuclei
CVE-2022-34590,7.2,0.01593,Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.,2022-07-20 21:15:08.553,Nuclei
CVE-2022-34713,7.8,0.58153,Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability,2022-08-09 20:15:11.487,CISA
CVE-2022-34753,8.8,0.97136,"A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior)",2022-07-13 21:15:08.163,EPSS/Nuclei
CVE-2022-3484,6.1,0.00106,"The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.",2022-11-14 15:15:49.520,Nuclei
CVE-2022-34876,8.8,0.00189,"SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.",2022-07-05 16:15:08.033,Metasploit
CVE-2022-34877,8.8,0.00189,"SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.",2022-07-05 16:15:08.167,Metasploit
CVE-2022-34878,8.8,0.00189,"SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.",2022-07-05 16:15:08.243,Metasploit
CVE-2022-34918,7.8,0.00635,"An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",2022-07-04 21:15:07.730,Metasploit
CVE-2022-3506,5.4,0.00144,Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.,2022-10-14 14:15:10.747,Nuclei
CVE-2022-35151,6.1,0.00314,kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.,2022-08-17 22:15:08.873,Nuclei
CVE-2022-35405,9.8,0.97401,Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.),2022-07-19 15:15:08.680,EPSS/CISA/Metasploit/Nuclei
CVE-2022-35413,9.8,0.79887,WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.,2022-09-13 22:15:09.080,Nuclei
CVE-2022-35416,6.1,0.00102,H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.,2022-07-11 03:15:07.860,Nuclei
CVE-2022-35493,6.1,0.00118,"A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter.",2022-08-08 15:15:08.853,Nuclei
CVE-2022-35653,6.1,0.01113,"A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.",2022-07-25 16:15:08.520,Nuclei
CVE-2022-3569,7.8,0.00171,"Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.",2022-10-17 23:15:09.437,Metasploit
CVE-2022-3578,6.1,0.00106,"The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting",2022-11-14 15:15:52.770,Nuclei
CVE-2022-35871,7.8,0.95318,This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206.,2022-07-25 19:15:45.637,EPSS
CVE-2022-35914,9.8,0.97438,/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.,2022-09-19 16:15:11.253,EPSS/CISA/Metasploit/Nuclei
CVE-2022-36446,9.8,0.9693,software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.,2022-07-25 06:15:07.900,EPSS/Metasploit/Nuclei
CVE-2022-36534,8.8,0.28844,Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php.,2022-09-16 03:15:09.593,Metasploit
CVE-2022-36536,9.8,0.03665,An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.,2022-09-16 03:15:09.633,Metasploit
CVE-2022-36537,7.5,0.95754,"ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.",2022-08-26 20:15:08.303,EPSS/CISA/Nuclei
CVE-2022-36553,9.8,0.65851,Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.,2022-08-29 23:15:08.340,Nuclei
CVE-2022-36642,9.8,0.72538,A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.,2022-09-02 22:15:08.477,Nuclei
CVE-2022-36804,8.8,0.97352,"Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.",2022-08-25 06:15:09.077,EPSS/CISA/Metasploit/Nuclei
CVE-2022-36883,7.5,0.01156,A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.,2022-07-27 15:15:08.880,Nuclei
CVE-2022-3699,7.8,0.00159,"
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45



 that could allow a local user to execute code with elevated privileges.",2023-10-25 18:17:15.807,Metasploit
CVE-2022-37042,9.8,0.97536,"Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.",2022-08-12 15:15:16.053,EPSS/CISA/Metasploit/Nuclei
CVE-2022-37061,9.8,0.97478,All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the root privileges.,2022-08-18 18:15:08.317,EPSS/Metasploit
CVE-2022-37153,6.1,0.01626,An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.,2022-08-24 13:15:08.177,Nuclei
CVE-2022-37190,8.8,0.19055,"CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from ""/api/index.php.",2022-09-13 23:15:08.620,Nuclei
CVE-2022-37191,6.5,0.25178,"The component ""cuppa/api/index.php"" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.",2022-09-13 23:15:08.667,Nuclei
CVE-2022-3723,8.8,0.01399,Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2022-11-01 23:15:19.710,CISA
CVE-2022-37299,6.5,0.00569,An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php,2022-09-09 15:15:13.317,Nuclei
CVE-2022-37393,7.8,0.00114,"Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.",2022-08-16 20:15:07.860,Metasploit
CVE-2022-3768,8.8,0.06204,"The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author",2022-11-28 14:15:13.817,Nuclei
CVE-2022-37706,7.8,0.00079,"enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.",2022-12-25 19:15:10.440,Metasploit
CVE-2022-37969,7.8,0.00125,Windows Common Log File System Driver Elevation of Privilege Vulnerability,2022-09-13 19:15:12.323,CISA
CVE-2022-3800,8.8,0.07885,"A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.",2022-11-01 16:15:13.977,Nuclei
CVE-2022-38028,7.8,0.00051,Windows Print Spooler Elevation of Privilege Vulnerability,2022-10-11 19:15:15.067,CISA
CVE-2022-38108,7.2,0.03089,SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.,2022-10-20 21:15:10.147,Metasploit
CVE-2022-38131,6.1,0.001,RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.,2022-09-06 18:15:15.933,Nuclei
CVE-2022-38181,8.8,0.37863,"The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.",2022-10-25 19:15:11.487,CISA
CVE-2022-38295,6.1,0.00285,Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.,2022-09-12 21:15:11.243,Nuclei
CVE-2022-38296,9.8,0.0339,Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.,2022-09-12 21:15:11.297,Nuclei
CVE-2022-38463,6.1,0.00174,ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.,2022-08-23 19:15:09.853,Nuclei
CVE-2022-38467,6.1,0.00092,Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.,2023-01-14 11:15:09.067,Nuclei
CVE-2022-38553,6.1,0.00212,Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.,2022-09-26 10:15:09.883,Nuclei
CVE-2022-38637,9.8,0.03004,Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.,2022-09-13 21:15:09.763,Nuclei
CVE-2022-38794,7.5,0.01098,Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.,2022-08-27 21:15:08.890,Nuclei
CVE-2022-38817,7.5,0.0132,Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.,2022-10-03 13:15:11.030,Nuclei
CVE-2022-38870,7.5,0.01561,Free5gc v3.2.1 is vulnerable to Information disclosure.,2022-10-25 17:15:55.773,Nuclei
CVE-2022-39048,6.1,0.02684,"A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.

",2023-04-10 14:15:07.453,Nuclei
CVE-2022-3908,6.1,0.00122,"The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting",2022-12-12 18:15:11.690,Nuclei
CVE-2022-39195,6.1,0.00211,A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.,2023-01-17 21:15:13.023,Nuclei
CVE-2022-39197,6.1,0.00767,"An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).",2022-09-22 01:15:11.963,CISA
CVE-2022-3933,5.4,0.00079,"The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.",2022-12-12 18:15:12.167,Nuclei
CVE-2022-3934,5.4,0.00079,"The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2022-12-12 18:15:12.230,Nuclei
CVE-2022-3980,9.8,0.36783,An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.,2022-11-16 13:15:10.180,Nuclei
CVE-2022-3982,9.8,0.28919,"The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE",2022-12-12 18:15:12.487,Nuclei
CVE-2022-39952,9.8,0.94791,"A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.",2023-02-16 19:15:13.060,Metasploit/Nuclei
CVE-2022-39960,5.3,0.19471,The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.,2022-09-17 18:15:09.423,Nuclei
CVE-2022-39986,9.8,0.88069,A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.,2023-08-01 14:15:09.877,Metasploit/Nuclei
CVE-2022-40022,9.8,0.79127,Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.,2023-02-13 15:15:15.440,Metasploit/Nuclei
CVE-2022-40032,9.8,0.00392,"SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.",2023-02-17 14:15:15.370,Nuclei
CVE-2022-40047,5.4,0.00467,Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.,2022-10-11 19:15:20.327,Nuclei
CVE-2022-40083,9.6,0.02597,Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).,2022-09-28 14:15:10.953,Nuclei
CVE-2022-40127,8.8,0.37079,"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.",2022-11-14 10:15:10.293,Nuclei
CVE-2022-40139,7.2,0.01425,"Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.",2022-09-19 18:15:09.960,CISA
CVE-2022-40359,6.1,0.00097,Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php.,2022-09-23 18:15:11.370,Nuclei
CVE-2022-4049,9.8,0.05436,"The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.",2023-01-02 22:15:15.827,Nuclei
CVE-2022-4050,9.8,0.05436,"The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users",2022-12-19 14:15:11.847,Nuclei
CVE-2022-4057,5.3,0.00183,The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.,2023-01-02 22:15:15.890,Nuclei
CVE-2022-4059,9.8,0.02409,"The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.",2023-01-02 22:15:15.950,Nuclei
CVE-2022-4060,9.8,0.08444,"The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.",2023-01-16 16:15:11.000,Nuclei
CVE-2022-4063,9.8,0.07924,"The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.",2022-12-19 14:15:12.103,Nuclei
CVE-2022-40684,9.8,0.97243,"An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.",2022-10-18 14:15:09.747,EPSS/CISA/Metasploit/Nuclei
CVE-2022-40734,6.5,0.09142,"UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.",2022-09-14 23:15:09.583,Nuclei
CVE-2022-40765,6.8,0.00168,"A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.",2022-11-22 01:15:31.847,CISA
CVE-2022-40843,4.9,0.18628,The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.,2022-11-15 02:15:09.093,Nuclei
CVE-2022-40879,6.1,0.0157,kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.',2022-09-29 17:15:54.690,Nuclei
CVE-2022-40881,9.8,0.96137,SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php,2022-11-17 04:15:10.857,EPSS/Nuclei
CVE-2022-41033,7.8,0.00068,Windows COM+ Event System Service Elevation of Privilege Vulnerability,2022-10-11 19:15:20.567,CISA
CVE-2022-41034,7.8,0.44013,Visual Studio Code Remote Code Execution Vulnerability,2022-10-11 19:15:20.643,Metasploit
CVE-2022-41040,8.8,0.96675,Microsoft Exchange Server Elevation of Privilege Vulnerability,2022-10-03 01:15:08.753,EPSS/CISA/Metasploit
CVE-2022-41049,5.4,0.00302,Windows Mark of the Web Security Feature Bypass Vulnerability,2022-11-09 22:15:19.567,CISA
CVE-2022-41073,7.8,0.00079,Windows Print Spooler Elevation of Privilege Vulnerability,2022-11-09 22:15:21.207,CISA
CVE-2022-41080,8.8,0.0167,Microsoft Exchange Server Elevation of Privilege Vulnerability,2022-11-09 22:15:21.550,CISA
CVE-2022-41082,8.0,0.21627,Microsoft Exchange Server Remote Code Execution Vulnerability,2022-10-03 01:15:08.843,CISA/Metasploit
CVE-2022-41091,5.4,0.00343,Windows Mark of the Web Security Feature Bypass Vulnerability,2022-11-09 22:15:22.093,CISA
CVE-2022-41125,7.8,0.00043,Windows CNG Key Isolation Service Elevation of Privilege Vulnerability,2022-11-09 22:15:25.307,CISA
CVE-2022-41128,8.8,0.17293,Windows Scripting Languages Remote Code Execution Vulnerability,2022-11-09 22:15:25.453,CISA
CVE-2022-4117,9.8,0.03948,"The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.",2022-12-26 13:15:12.373,Nuclei
CVE-2022-41223,6.8,0.00168,The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.,2022-11-22 01:15:32.897,CISA
CVE-2022-41328,7.1,0.06752,"A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.",2023-03-07 17:15:12.093,CISA
CVE-2022-4135,9.6,0.01274,Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High),2022-11-25 01:15:09.957,CISA
CVE-2022-41352,9.8,0.95456,"An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.",2022-09-26 02:15:10.733,EPSS/CISA/Metasploit
CVE-2022-4140,7.5,0.01286,"The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow unauthenticated attacker to read arbitrary files on the server",2023-01-02 22:15:16.287,Nuclei
CVE-2022-41412,8.6,0.03815,An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.,2022-11-30 05:15:11.037,Nuclei
CVE-2022-41441,6.1,0.00136,Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.,2023-01-20 15:15:13.553,Nuclei
CVE-2022-41473,6.1,0.01698,RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.,2022-10-13 14:15:10.583,Nuclei
CVE-2022-41622,8.8,0.49225,"In all versions, 

BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

",2022-12-07 04:15:10.333,Metasploit
CVE-2022-41800,8.7,0.01061,"
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

",2022-12-07 04:15:10.480,Metasploit
CVE-2022-41840,9.8,0.01602,Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.,2022-11-18 19:15:30.547,Nuclei
CVE-2022-42094,4.8,0.0072,Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.,2022-11-22 13:15:14.007,Nuclei
CVE-2022-42095,4.8,0.00478,Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.,2022-11-23 02:15:10.143,Nuclei
CVE-2022-42096,4.8,0.00761,Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.,2022-11-21 21:15:11.417,Nuclei
CVE-2022-42233,9.8,0.64381,Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.,2022-10-20 17:15:10.617,Nuclei
CVE-2022-42475,9.8,0.32117,"A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier  and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.",2023-01-02 09:15:09.490,CISA
CVE-2022-4260,4.8,0.00092,"The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",2023-01-02 22:15:16.750,Nuclei
CVE-2022-4262,8.8,0.00407,Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2022-12-02 21:15:12.247,CISA
CVE-2022-42746,6.1,0.00097,"CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

",2022-11-03 20:15:32.503,Nuclei
CVE-2022-42747,6.1,0.00097,"CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

",2022-11-03 20:15:32.617,Nuclei
CVE-2022-42748,6.1,0.00097,"CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

",2022-11-03 20:15:32.727,Nuclei
CVE-2022-42749,6.1,0.00097,"CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

",2022-11-03 20:15:32.853,Nuclei
CVE-2022-42827,7.8,0.00095,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",2022-11-01 20:15:24.333,CISA
CVE-2022-42856,8.8,0.0031,"A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..",2022-12-15 19:15:25.123,CISA
CVE-2022-42889,9.8,0.97162,"Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is ""${prefix:name}"", where ""prefix"" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - ""script"" - execute expressions using the JVM script execution engine (javax.script) - ""dns"" - resolve dns records - ""url"" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.",2022-10-13 13:15:10.113,EPSS/Metasploit
CVE-2022-42948,9.8,0.03359,"Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.",2023-03-24 14:15:09.927,CISA
CVE-2022-4295,6.1,0.00119,"The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.",2023-01-16 16:15:11.213,Nuclei
CVE-2022-4301,6.1,0.00141,"The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.",2023-01-09 23:15:27.497,Nuclei
CVE-2022-43014,6.1,0.00088,OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.,2022-10-19 18:15:13.413,Nuclei
CVE-2022-43015,6.1,0.00088,OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter.,2022-10-19 18:15:13.470,Nuclei
CVE-2022-43016,6.1,0.00088,OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component.,2022-10-19 18:15:13.533,Nuclei
CVE-2022-43017,6.1,0.00088,OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component.,2022-10-19 18:15:13.600,Nuclei
CVE-2022-43018,6.1,0.00088,OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.,2022-10-19 18:15:13.687,Nuclei
CVE-2022-4305,9.8,0.0831,"The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.",2023-01-23 15:15:14.283,Nuclei
CVE-2022-4306,5.4,0.00092,"The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.",2023-01-30 21:15:10.510,Nuclei
CVE-2022-43140,7.5,0.00888,kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.,2022-11-17 17:15:13.613,Nuclei
CVE-2022-43164,5.4,0.00285,"A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking ""Add"".",2022-10-28 17:15:26.973,Nuclei
CVE-2022-43165,5.4,0.00285,"A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking ""Create"".",2022-10-28 17:15:27.047,Nuclei
CVE-2022-43166,5.4,0.00285,"A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking ""Add New Entity"".",2022-10-28 17:15:27.130,Nuclei
CVE-2022-43167,5.4,0.00285,"A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking ""Add"".",2022-10-28 17:15:27.213,Nuclei
CVE-2022-43169,5.4,0.00285,"A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking ""Add New Group"".",2022-10-28 17:15:27.360,Nuclei
CVE-2022-43170,5.4,0.25691,"A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking ""Add info block"".",2022-10-28 17:15:27.443,Nuclei
CVE-2022-43185,5.4,0.37041,A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.,2022-10-19 14:15:10.443,Nuclei
CVE-2022-4320,6.1,0.00097,"The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin).",2023-01-16 16:15:11.430,Nuclei
CVE-2022-4321,6.1,0.00119,The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin,2023-02-06 20:15:11.260,Nuclei
CVE-2022-4325,6.1,0.00141,"The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.",2023-01-09 23:15:27.647,Nuclei
CVE-2022-4328,9.8,0.20211,"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server",2023-03-06 14:15:09.723,Nuclei
CVE-2022-43769,7.2,0.56193,"
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 

",2023-04-03 18:15:07.703,Metasploit/Nuclei
CVE-2022-43781,9.8,0.57002,There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.,2022-11-17 00:15:18.483,Metasploit
CVE-2022-43939,9.8,0.00266,"
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 

",2023-04-03 19:15:07.047,Metasploit
CVE-2022-44290,9.8,0.00992,webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.,2022-12-02 20:15:13.880,Nuclei
CVE-2022-44291,9.8,0.00992,webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.,2022-12-02 20:15:13.950,Nuclei
CVE-2022-4447,9.8,0.04713,"The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.",2023-01-16 16:15:11.817,Nuclei
CVE-2022-44698,5.4,0.02269,Windows SmartScreen Security Feature Bypass Vulnerability,2022-12-13 19:15:14.403,CISA
CVE-2022-44877,9.8,0.97392,login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.,2023-01-05 23:15:09.150,EPSS/CISA/Metasploit/Nuclei
CVE-2022-44944,5.4,0.00069,Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.,2022-12-02 20:15:14.027,Nuclei
CVE-2022-44946,5.4,0.00069,Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.,2022-12-02 20:15:14.180,Nuclei
CVE-2022-44947,5.4,0.00082,"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking ""Add"".",2022-12-02 20:15:14.257,Nuclei
CVE-2022-44948,5.4,0.00069,"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking ""Add"".",2022-12-02 20:15:14.320,Nuclei
CVE-2022-44949,5.4,0.00069,Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.,2022-12-02 20:15:14.397,Nuclei
CVE-2022-44950,5.4,0.00069,Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.,2022-12-02 20:15:14.463,Nuclei
CVE-2022-44951,5.4,0.00069,Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.,2022-12-02 20:15:14.523,Nuclei
CVE-2022-44952,5.4,0.05618,"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking ""Add"".",2022-12-02 20:15:14.583,Nuclei
CVE-2022-44957,5.4,0.00069,webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.,2022-12-02 20:15:14.897,Nuclei
CVE-2022-45037,5.4,0.00069,A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.,2022-11-25 16:15:10.927,Nuclei
CVE-2022-45038,5.4,0.00069,A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.,2022-11-25 16:15:10.977,Nuclei
CVE-2022-45354,7.5,0.00492,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60.

",2024-01-08 21:15:08.260,Nuclei
CVE-2022-45362,6.5,0.00093,"Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0.

",2023-12-07 11:15:07.260,Nuclei
CVE-2022-45365,6.1,0.00064,"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.

",2023-12-14 15:15:07.357,Nuclei
CVE-2022-45805,9.8,0.00584,"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.

",2023-11-03 13:15:08.227,Nuclei
CVE-2022-45835,7.5,0.00359,"Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.

",2023-11-13 03:15:07.783,Nuclei
CVE-2022-45917,6.1,0.00221,ILIAS before 7.16 has an Open Redirect.,2022-12-07 01:15:11.620,Nuclei
CVE-2022-45933,9.8,0.01256,"KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a ""fun side project and a learning exercise,"" and not ""very secure.""",2022-11-27 03:15:11.180,Nuclei
CVE-2022-46020,9.8,0.02454,WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.,2022-12-20 16:15:09.943,Nuclei
CVE-2022-46071,9.8,0.01679,There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.,2022-12-14 18:15:22.627,Nuclei
CVE-2022-46073,6.1,0.00095,Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).,2022-12-14 17:15:11.433,Nuclei
CVE-2022-46169,9.8,0.9652,"Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`.

This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch.",2022-12-05 21:15:10.527,EPSS/CISA/Metasploit/Nuclei
CVE-2022-46381,6.1,0.00101,"Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.",2022-12-13 22:15:10.300,Nuclei
CVE-2022-46443,8.8,0.05244,mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.,2022-12-14 18:15:23.920,Nuclei
CVE-2022-46463,7.5,0.07569,"An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this ""is clearly described in the documentation as a feature.""",2023-01-13 00:15:09.673,Nuclei
CVE-2022-46689,7.0,0.00935,"A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.",2022-12-15 19:15:26.033,Metasploit
CVE-2022-46770,7.5,0.33667,qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).,2022-12-07 20:15:11.720,Metasploit
CVE-2022-46888,6.1,0.00143,Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php.,2023-01-19 19:15:10.950,Nuclei
CVE-2022-46934,6.1,0.012,kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.,2023-02-01 20:15:10.363,Nuclei
CVE-2022-47002,9.8,0.0417,"A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.",2023-02-01 14:15:08.873,Nuclei
CVE-2022-47003,9.8,0.01235,A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.,2023-02-01 14:15:08.927,Nuclei
CVE-2022-47075,7.5,0.014,"An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.",2023-02-28 23:15:11.317,Nuclei
CVE-2022-47501,7.5,0.10866,"Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a 
pre-authentication attack.
This issue affects Apache OFBiz: before 18.12.07.

",2023-04-14 16:15:07.203,Nuclei
CVE-2022-47615,9.8,0.02075,Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.,2023-01-26 21:18:03.217,Nuclei
CVE-2022-47945,9.8,0.04841,"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.",2022-12-23 21:15:09.203,Nuclei
CVE-2022-47966,9.8,0.97456,"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).",2023-01-18 18:15:10.570,EPSS/CISA/Nuclei
CVE-2022-47986,9.8,0.95924,"
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

",2023-02-17 16:15:10.873,EPSS/CISA/Nuclei
CVE-2022-48012,6.1,0.00112,Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.,2023-01-27 18:15:15.463,Nuclei
CVE-2022-48165,7.5,0.03326,An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.,2023-02-03 21:15:10.890,Nuclei
CVE-2022-48197,6.1,0.00592,"Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",2023-01-02 16:15:10.997,Nuclei
CVE-2022-48618,7.0,0.00234,"The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.",2024-01-09 18:15:45.120,CISA
CVE-2022-4897,6.1,0.00488,"The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting",2023-02-21 09:15:11.827,Nuclei
CVE-2023-0099,6.1,0.00109,"The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",2023-02-13 15:15:20.660,Nuclei
CVE-2023-0126,7.5,0.29084,"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.",2023-01-19 20:15:10.850,Nuclei
CVE-2023-0159,7.5,0.01059,"The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.",2023-02-13 15:15:20.827,Nuclei
CVE-2023-0236,6.1,0.00119,"The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2023-02-06 20:15:14.117,Nuclei
CVE-2023-0261,8.8,0.08908,"The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.",2023-02-13 15:15:21.473,Nuclei
CVE-2023-0266,7.8,0.00098,"A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
",2023-01-30 14:15:10.500,CISA
CVE-2023-0297,9.8,0.52663,Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.,2023-01-14 03:15:18.800,Metasploit/Nuclei
CVE-2023-0315,8.8,0.54023,Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.,2023-01-16 01:15:08.937,Metasploit
CVE-2023-0334,6.1,0.00119,"The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin",2023-02-27 16:15:12.047,Nuclei
CVE-2023-0342,5.3,0.01174,"MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

",2023-06-09 09:15:09.383,Metasploit
CVE-2023-0448,6.1,0.00119,"The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.",2023-01-26 21:18:08.447,Nuclei
CVE-2023-0514,6.1,0.00135,"The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2023-05-08 14:15:11.330,Nuclei
CVE-2023-0527,6.1,0.0047,"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input ""><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.",2023-01-27 11:15:12.240,Nuclei
CVE-2023-0552,5.4,0.00092,"The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability",2023-02-27 16:15:12.610,Nuclei
CVE-2023-0562,9.8,0.02345,A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.,2023-01-28 23:15:08.810,Nuclei
CVE-2023-0563,4.8,0.00752,A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.,2023-01-28 23:15:08.897,Nuclei
CVE-2023-0600,9.8,0.04936,"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.",2023-05-15 13:15:09.867,Nuclei
CVE-2023-0602,6.1,0.00071,"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.",2023-07-31 10:15:10.333,Nuclei
CVE-2023-0630,8.8,0.09886,The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.,2023-03-20 16:15:12.367,Nuclei
CVE-2023-0669,7.2,0.96887,"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.",2023-02-06 20:15:14.300,EPSS/CISA/Metasploit/Nuclei
CVE-2023-0678,5.3,0.02274,Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.,2023-02-04 13:15:12.713,Nuclei
CVE-2023-0777,9.8,0.04006,Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.,2023-02-10 19:15:12.937,Nuclei
CVE-2023-0872,8.0,0.00043,"The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

OpenNMS thanks Erik Wynter for reporting this issue.",2023-08-14 18:15:10.730,Metasploit
CVE-2023-0900,7.2,0.01208,"The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.",2023-06-05 14:15:09.793,Nuclei
CVE-2023-0942,6.1,0.00574,"The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",2023-02-21 20:15:12.523,Nuclei
CVE-2023-0947,9.8,0.01787,Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.,2023-02-22 01:15:11.930,Nuclei
CVE-2023-0948,6.1,0.00104,"The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting",2023-05-08 14:15:12.277,Nuclei
CVE-2023-0968,6.1,0.00262,"The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",2023-03-03 22:15:09.557,Nuclei
CVE-2023-1020,9.8,0.05289,"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.",2023-04-24 19:15:09.103,Nuclei
CVE-2023-1080,6.1,0.00262,"The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",2023-02-28 13:15:10.510,Nuclei
CVE-2023-1133,9.8,0.10805,"Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.",2023-03-27 15:15:07.293,Metasploit
CVE-2023-1177,9.8,0.03903,"Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

",2023-03-24 15:15:10.193,Nuclei
CVE-2023-1263,5.3,0.00257,"The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6  via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.",2023-03-07 22:15:10.647,Nuclei
CVE-2023-1362,6.1,0.00134,Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2.,2023-03-13 05:15:11.933,Nuclei
CVE-2023-1389,8.8,0.06877,"TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.",2023-03-15 23:15:09.403,CISA
CVE-2023-1408,7.2,0.01208,"The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin",2023-05-08 14:15:12.577,Nuclei
CVE-2023-1454,9.8,0.09078,A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.,2023-03-17 07:15:13.573,Nuclei
CVE-2023-1496,5.4,0.00091,Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.,2023-03-19 17:15:11.173,Nuclei
CVE-2023-1546,6.1,0.00104,"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting",2023-05-02 08:15:09.957,Nuclei
CVE-2023-1671,9.8,0.96451,A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.,2023-04-04 10:15:07.197,EPSS/CISA/Nuclei
CVE-2023-1698,9.8,0.89714,"In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.",2023-05-15 09:15:09.510,Nuclei
CVE-2023-1719,9.8,0.03101,"Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.",2023-11-01 10:15:09.373,Nuclei
CVE-2023-1730,9.8,0.05289,"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks",2023-05-02 08:15:10.267,Nuclei
CVE-2023-1780,6.1,0.00077,"The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",2023-07-10 16:15:48.950,Nuclei
CVE-2023-1835,6.1,0.00135,"The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2023-05-15 13:15:10.463,Nuclei
CVE-2023-1880,6.1,0.00109,Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.,2023-04-05 17:15:07.133,Nuclei
CVE-2023-1890,6.1,0.00281,"The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting",2023-05-15 13:15:10.593,Nuclei
CVE-2023-1892,9.6,0.02595,Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.,2023-04-21 05:15:07.057,Nuclei
CVE-2023-20073,9.8,0.36353,"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",2023-04-05 16:15:07.720,Nuclei
CVE-2023-2009,4.8,0.00099,"Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",2023-05-15 13:15:10.817,Nuclei
CVE-2023-20109,6.6,0.00773,"A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.

 This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details [""#details""] section of this advisory.",2023-09-27 18:15:10.860,CISA
CVE-2023-20198,10.0,0.84801,"Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.",2023-10-16 16:15:10.023,CISA/Nuclei
CVE-2023-2023,6.1,0.00418,"The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.",2023-05-30 08:15:09.787,Nuclei
CVE-2023-20269,9.1,0.02298,"A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.

 This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following:

 
 Identify valid credentials that could then be used to establish an unauthorized remote access VPN session.
 Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier).
 
 Notes:

 
 Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured.
 This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured.
 
 Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.",2023-09-06 18:15:08.303,CISA
CVE-2023-20273,7.2,0.03646,"A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.",2023-10-25 18:17:23.017,CISA
CVE-2023-2033,8.8,0.02559,Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2023-04-14 19:15:09.453,CISA
CVE-2023-2059,5.3,0.03693,A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944.,2023-04-14 15:15:07.600,Nuclei
CVE-2023-2068,9.8,0.33469,"The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.",2023-06-27 14:15:10.477,Metasploit
CVE-2023-20864,9.8,0.25824,"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.",2023-04-20 21:15:08.620,Nuclei
CVE-2023-20867,3.9,0.00159,"A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.",2023-06-13 17:15:14.070,CISA
CVE-2023-20887,9.8,0.96668,Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.,2023-06-07 15:15:09.190,EPSS/CISA/Metasploit/Nuclei
CVE-2023-20888,8.8,0.24774,Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.,2023-06-07 15:15:09.263,Nuclei
CVE-2023-20889,7.5,0.48839,Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.,2023-06-07 15:15:09.317,Nuclei
CVE-2023-20963,7.8,0.00224,"In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519",2023-03-24 20:15:10.010,CISA
CVE-2023-2122,6.1,0.00071,"The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.",2023-08-16 12:15:12.607,Nuclei
CVE-2023-21237,5.5,0.00242,"In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912",2023-06-28 18:15:16.560,CISA
CVE-2023-2130,9.8,0.02537,A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.,2023-04-17 20:15:07.243,Nuclei
CVE-2023-2136,9.6,0.00635,Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High),2023-04-19 04:15:31.607,CISA
CVE-2023-21492,4.4,0.00116,Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.,2023-05-04 21:15:10.070,CISA
CVE-2023-21554,9.8,0.95084,Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability,2023-04-11 21:15:15.597,EPSS/Metasploit
CVE-2023-21608,7.8,0.01503,"Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",2023-01-18 19:15:11.877,CISA
CVE-2023-21674,8.8,0.00559,Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability,2023-01-10 22:15:16.307,CISA
CVE-2023-21715,7.3,0.00385,Microsoft Publisher Security Features Bypass Vulnerability,2023-02-14 20:15:14.280,CISA
CVE-2023-21768,7.8,0.00288,Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability,2023-01-10 22:15:19.367,Metasploit
CVE-2023-2178,4.8,0.00094,"The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",2023-06-27 14:15:10.540,Nuclei
CVE-2023-21823,7.8,0.64056,Windows Graphics Component Remote Code Execution Vulnerability,2023-02-14 21:15:12.297,CISA
CVE-2023-21839,7.5,0.95502,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and  14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",2023-01-18 00:15:13.450,EPSS/CISA/Metasploit
CVE-2023-22232,5.3,0.12731,"Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.",2023-02-17 22:15:13.533,Nuclei
CVE-2023-2224,4.8,0.00158,"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",2023-06-05 14:15:09.977,Nuclei
CVE-2023-2227,9.1,0.01175,Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.,2023-04-21 13:15:07.120,Nuclei
CVE-2023-22432,6.1,0.00359,"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.",2023-03-06 00:15:10.700,Nuclei
CVE-2023-22463,9.8,0.03615,"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code. The vulnerability has been fixed in 1.6.3. In the patch, JWT key is specified in app.yml. If the user leaves it blank, a random key will be used. There are no workarounds aside from upgrading.",2023-01-04 16:15:09.143,Nuclei
CVE-2023-22478,7.5,0.12271,KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.,2023-01-14 01:15:14.637,Nuclei
CVE-2023-22480,9.8,0.10769,"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
",2023-01-14 01:15:15.207,Nuclei
CVE-2023-22515,9.8,0.97333,"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. 

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. ",2023-10-04 14:15:10.440,EPSS/CISA/Nuclei
CVE-2023-22518,9.8,0.96595,"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. 

Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.",2023-10-31 15:15:08.573,EPSS/CISA/Metasploit/Nuclei
CVE-2023-2252,2.7,0.00105,The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.,2024-01-16 16:15:10.773,Nuclei
CVE-2023-22527,9.8,0.97264,"A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.

Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.",2024-01-16 05:15:08.290,EPSS/CISA/Metasploit/Nuclei
CVE-2023-22620,7.5,0.03698,An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.,2023-04-12 23:15:06.943,Nuclei
CVE-2023-2272,6.1,0.00071,"The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2023-08-16 12:15:13.053,Nuclei
CVE-2023-22809,7.8,0.0005,"In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a ""--"" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.",2023-01-18 17:15:10.353,Metasploit
CVE-2023-22897,6.5,0.03238,"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.",2023-04-12 23:15:07.077,Nuclei
CVE-2023-22952,8.8,0.29198,"In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.",2023-01-11 09:15:08.787,CISA/Metasploit
CVE-2023-23161,6.1,0.00315,A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.,2023-02-10 20:15:53.313,Nuclei
CVE-2023-23333,9.8,0.96326,"There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.",2023-02-06 22:15:09.630,EPSS/Metasploit/Nuclei
CVE-2023-23376,7.8,0.00062,Windows Common Log File System Driver Elevation of Privilege Vulnerability,2023-02-14 20:15:16.907,CISA
CVE-2023-23397,9.8,0.91547,Microsoft Outlook Elevation of Privilege Vulnerability,2023-03-14 17:15:13.263,CISA
CVE-2023-23488,9.8,0.05363,"The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.",2023-01-20 18:15:10.470,Metasploit/Nuclei
CVE-2023-23489,9.8,0.11793,"The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.",2023-01-20 18:15:10.530,Nuclei
CVE-2023-23491,6.1,0.00119,"The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.",2023-01-20 19:15:18.493,Nuclei
CVE-2023-23492,8.8,0.06178,"The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.",2023-01-20 19:15:18.543,Nuclei
CVE-2023-23529,8.8,0.00186,"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-02-27 20:15:14.710,CISA
CVE-2023-2356,7.5,0.01419,Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.,2023-04-28 00:15:08.890,Nuclei
CVE-2023-23752,5.3,0.94888,An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.,2023-02-16 17:15:10.603,CISA/Metasploit/Nuclei
CVE-2023-24044,6.1,0.00183,"A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is ""the ability to use arbitrary domain names to access the panel is an intended feature.""",2023-01-22 03:15:09.967,Nuclei
CVE-2023-24243,7.5,0.0159,CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).,2023-06-16 17:15:11.763,Nuclei
CVE-2023-24278,6.1,0.00158,Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.,2023-03-18 04:16:02.020,Nuclei
CVE-2023-24322,6.1,0.00157,A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.,2023-02-09 20:15:11.807,Nuclei
CVE-2023-24488,6.1,0.05461,Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting,2023-07-10 21:15:10.707,Nuclei
CVE-2023-24489,9.8,0.97355,"
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.",2023-07-10 22:15:09.197,EPSS/CISA/Nuclei
CVE-2023-24657,6.1,0.00983,phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.,2023-03-08 06:15:44.490,Nuclei
CVE-2023-24733,6.1,0.00099,PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.,2023-03-06 21:15:11.080,Nuclei
CVE-2023-24735,6.1,0.00602,PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.,2023-03-06 21:15:11.183,Nuclei
CVE-2023-24737,6.1,0.00099,PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.,2023-03-06 21:15:11.290,Nuclei
CVE-2023-2479,9.8,0.96376,OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.,2023-05-02 15:15:23.760,EPSS/Nuclei
CVE-2023-24880,4.4,0.00606,Windows SmartScreen Security Feature Bypass Vulnerability,2023-03-14 17:15:17.683,CISA
CVE-2023-24955,7.2,0.70701,Microsoft SharePoint Server Remote Code Execution Vulnerability,2023-05-09 18:15:13.317,CISA/Metasploit
CVE-2023-25135,9.8,0.71557,"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.",2023-02-03 05:15:10.737,Nuclei
CVE-2023-25157,9.8,0.5795,"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols.  CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.",2023-02-21 22:15:10.620,Nuclei
CVE-2023-25194,8.8,0.97016,"A possible security vulnerability has been identified in Apache Kafka Connect API.
This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.
When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config`
property for any of the connector's Kafka clients to ""com.sun.security.auth.module.JndiLoginModule"", which can be done via the
`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.
This will allow the server to connect to the attacker's LDAP server
and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.
Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.

Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box
configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector
client override policy that permits them.

Since Apache Kafka 3.4.0, we have added a system property (""-Dorg.apache.kafka.disallowed.login.modules"") to disable the problematic login modules usage
in SASL JAAS configuration. Also by default ""com.sun.security.auth.module.JndiLoginModule"" is disabled in Apache Kafka Connect 3.4.0. 

We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for 
vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,
in addition to leveraging the ""org.apache.kafka.disallowed.login.modules"" system property, Kafka Connect users can also implement their own connector
client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
",2023-02-07 20:15:09.017,EPSS/Metasploit/Nuclei
CVE-2023-25346,6.1,0.0018,A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.,2023-04-25 13:15:09.710,Nuclei
CVE-2023-25573,7.5,0.05337,"metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2023-03-09 17:15:10.600,Nuclei
CVE-2023-25717,9.8,0.95686,"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.",2023-02-13 20:15:10.973,EPSS/CISA/Nuclei
CVE-2023-25826,9.8,0.00146,"
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.

",2023-05-03 19:15:08.963,Metasploit
CVE-2023-26035,9.8,0.96572,"ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.",2023-02-25 02:15:13.550,EPSS/Metasploit/Nuclei
CVE-2023-26067,8.1,0.17036,Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).,2023-04-10 20:15:10.387,Nuclei
CVE-2023-26068,9.8,0.20911,Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).,2023-04-10 20:15:10.483,Metasploit
CVE-2023-26083,3.3,0.03767,"Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.",2023-04-06 16:15:07.843,CISA
CVE-2023-26255,7.5,0.18262,"An unauthenticated path traversal vulnerability affects the ""STAGIL Navigation for Jira - Menu & Themes"" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.",2023-02-28 16:15:09.447,Nuclei
CVE-2023-26256,7.5,0.02086,"An unauthenticated path traversal vulnerability affects the ""STAGIL Navigation for Jira - Menu & Themes"" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.",2023-02-28 16:15:09.500,Nuclei
CVE-2023-26347,7.5,0.00315,Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.,2023-11-17 14:15:20.867,Nuclei
CVE-2023-26359,9.8,0.7223,Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.,2023-03-23 20:15:15.167,CISA
CVE-2023-26360,8.6,0.95219,Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.,2023-03-23 20:15:15.263,EPSS/CISA/Nuclei
CVE-2023-26369,7.8,0.01536,"Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",2023-09-13 09:15:13.007,CISA
CVE-2023-26469,9.8,0.93223,"In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.",2023-08-17 19:15:12.143,Metasploit/Nuclei
CVE-2023-2648,9.8,0.10552,A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-05-11 08:15:08.773,Nuclei
CVE-2023-26842,5.4,0.00267,A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.,2023-05-31 14:15:10.067,Nuclei
CVE-2023-26843,5.4,0.00264,A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.,2023-04-25 13:15:10.063,Nuclei
CVE-2023-26876,8.8,0.02208,SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.,2023-04-21 15:15:07.160,Metasploit
CVE-2023-27008,6.1,0.00133,A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.,2023-03-28 15:15:06.973,Nuclei
CVE-2023-27032,9.8,0.01802,Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().,2023-04-12 14:15:07.757,Nuclei
CVE-2023-27034,9.8,0.0137,PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.,2023-03-23 22:15:13.053,Nuclei
CVE-2023-27159,7.5,0.00418,Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.,2023-03-31 19:15:07.273,Nuclei
CVE-2023-27179,7.5,0.02602,GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.,2023-04-11 12:15:07.700,Nuclei
CVE-2023-27253,8.8,0.48134,A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.,2023-03-17 22:15:11.227,Metasploit
CVE-2023-27292,5.4,0.00092,An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.,2023-02-28 17:15:11.373,Nuclei
CVE-2023-2732,9.8,0.1241,"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.",2023-05-25 03:15:08.630,Nuclei
CVE-2023-27350,9.8,0.97114,This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.,2023-04-20 16:15:07.653,EPSS/CISA/Metasploit/Nuclei
CVE-2023-27372,9.8,0.97363,"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.",2023-02-28 20:15:10.243,EPSS/Metasploit/Nuclei
CVE-2023-27482,10.0,0.03385,"homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.",2023-03-08 18:15:11.783,Nuclei
CVE-2023-27524,9.8,0.9704,"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.

All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.
Add a strong SECRET_KEY to your `superset_config.py` file like:

SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>

Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
",2023-04-24 16:15:07.843,EPSS/CISA/Nuclei
CVE-2023-27532,7.5,0.02226,Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.,2023-03-10 22:15:10.557,CISA
CVE-2023-27587,6.5,0.17233,"ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.",2023-03-13 22:15:12.483,Nuclei
CVE-2023-27639,7.5,0.03446,"An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). Only files that can be parsed in XML can be opened. This is exploited in the wild in March 2023.",2023-06-01 21:15:09.260,Nuclei
CVE-2023-27640,7.5,0.03446,"An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023.",2023-06-01 21:15:09.313,Nuclei
CVE-2023-2766,7.5,0.10636,A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-05-17 17:15:17.443,Nuclei
CVE-2023-2779,6.1,0.00791,"The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",2023-06-19 11:15:10.653,Nuclei
CVE-2023-2780,9.8,0.0332,Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.,2023-05-17 21:15:09.470,Nuclei
CVE-2023-27922,6.1,0.00277,Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.,2023-05-23 02:15:09.907,Nuclei
CVE-2023-2796,5.3,0.02865,"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.",2023-07-10 16:15:51.497,Nuclei
CVE-2023-27992,9.8,0.03006,"The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.",2023-06-19 12:15:09.433,CISA
CVE-2023-27997,9.8,0.13466,"A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.",2023-06-13 09:15:16.613,CISA
CVE-2023-28121,9.8,0.92374,"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.",2023-04-12 21:15:28.057,Metasploit/Nuclei
CVE-2023-28128,7.2,0.13034,An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.,2023-05-09 22:15:09.920,Metasploit
CVE-2023-2813,6.1,0.00127,"All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.",2023-09-04 12:15:08.997,Nuclei
CVE-2023-28204,6.5,0.00147,"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.",2023-06-23 18:15:11.333,CISA
CVE-2023-28205,8.8,0.00292,"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-04-10 19:15:07.237,CISA
CVE-2023-28206,8.6,0.00377,"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.",2023-04-10 19:15:07.273,CISA
CVE-2023-2822,6.1,0.05691,A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.,2023-05-20 07:15:43.913,Nuclei
CVE-2023-28229,7.0,0.00077,Windows CNG Key Isolation Service Elevation of Privilege Vulnerability,2023-04-11 21:15:23.387,CISA
CVE-2023-2825,7.5,0.16704,An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.,2023-05-26 21:15:16.740,Metasploit/Nuclei
CVE-2023-28252,7.8,0.01746,Windows Common Log File System Driver Elevation of Privilege Vulnerability,2023-04-11 21:15:25.137,CISA/Metasploit
CVE-2023-28343,9.8,0.85555,"OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.",2023-03-14 20:15:10.123,Nuclei
CVE-2023-28432,7.5,0.88487,"Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`
and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.",2023-03-22 21:15:18.257,CISA/Metasploit/Nuclei
CVE-2023-28434,8.8,0.04634,"Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. 
",2023-03-22 21:15:18.427,CISA
CVE-2023-28502,9.8,0.15509,"Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the ""udadmin"" service that can lead to remote code execution as the root user.",2023-03-29 21:15:08.080,Metasploit
CVE-2023-28503,9.8,0.02616,"Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.",2023-03-29 21:15:08.123,Metasploit
CVE-2023-28528,7.8,0.00192,"IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands.  IBM X-Force ID:  251207.",2023-04-28 03:15:08.453,Metasploit
CVE-2023-28662,9.8,0.01196,"The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.",2023-03-22 21:15:18.913,Nuclei
CVE-2023-28665,5.4,0.00092,"The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.",2023-03-22 21:15:19.077,Nuclei
CVE-2023-2868,9.8,0.0708,"A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.",2023-05-24 19:15:09.363,CISA
CVE-2023-28769,9.8,0.16346,The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.,2023-04-27 09:15:09.057,Metasploit
CVE-2023-28770,7.5,0.05654,The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.,2023-04-27 09:15:09.850,Metasploit
CVE-2023-28771,9.8,0.91864,"Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.",2023-04-25 02:15:08.743,CISA/Metasploit
CVE-2023-29084,7.2,0.33509,Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.,2023-04-13 19:15:11.680,Metasploit/Nuclei
CVE-2023-29298,7.5,0.94395,"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.",2023-07-12 16:15:11.623,CISA/Nuclei
CVE-2023-29300,9.8,0.96984,"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.",2023-07-12 16:15:11.733,EPSS/CISA/Nuclei
CVE-2023-29336,7.8,0.0011,Win32k Elevation of Privilege Vulnerability,2023-05-09 18:15:13.840,CISA
CVE-2023-29357,9.8,0.88961,Microsoft SharePoint Server Elevation of Privilege Vulnerability,2023-06-14 00:15:09.903,CISA/Metasploit/Nuclei
CVE-2023-29360,8.4,0.00297,Microsoft Streaming Service Elevation of Privilege Vulnerability,2023-06-14 00:15:10.067,CISA
CVE-2023-29439,6.1,0.00181,Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.,2023-05-16 15:15:08.983,Nuclei
CVE-2023-2948,6.1,0.00471,Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.,2023-05-28 04:15:12.117,Nuclei
CVE-2023-29489,6.1,0.00388,"An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.",2023-04-27 21:15:10.783,Nuclei
CVE-2023-2949,6.1,0.00471,Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.,2023-05-28 04:15:13.143,Nuclei
CVE-2023-29492,9.8,0.02922,Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.,2023-04-11 05:15:07.393,CISA
CVE-2023-29552,7.5,0.02295,"The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.",2023-04-25 16:15:09.537,CISA
CVE-2023-29622,9.8,0.02727,Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.,2023-04-14 02:15:13.047,Nuclei
CVE-2023-29623,6.1,0.00135,Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.,2023-04-14 02:15:13.157,Nuclei
CVE-2023-2982,9.8,0.01221,"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.",2023-06-29 02:15:16.103,Nuclei
CVE-2023-29827,9.8,0.10068,"ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.",2023-05-04 14:15:11.363,Nuclei
CVE-2023-29887,7.5,0.00553,A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.,2023-04-18 20:15:19.917,Nuclei
CVE-2023-29919,9.1,0.4786,SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.,2023-05-23 01:15:09.820,Nuclei
CVE-2023-29922,5.3,0.00822,PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.,2023-04-19 19:15:07.373,Nuclei
CVE-2023-29923,5.3,0.02177,PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.,2023-04-19 14:15:07.197,Nuclei
CVE-2023-30013,9.8,0.96225,"TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the ""command"" parameter.",2023-05-05 14:15:09.147,EPSS/Metasploit/Nuclei
CVE-2023-30019,5.3,0.0018,imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.,2023-05-08 15:15:11.087,Nuclei
CVE-2023-30150,9.8,0.04228,PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.,2023-06-14 21:15:09.557,Nuclei
CVE-2023-30210,6.1,0.00112,OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.,2023-04-26 16:15:10.023,Nuclei
CVE-2023-30212,6.1,0.02977,OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.,2023-04-26 17:15:11.297,Nuclei
CVE-2023-30256,6.1,0.01005,Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.,2023-05-11 11:15:09.047,Nuclei
CVE-2023-30258,9.8,0.25604,Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.,2023-06-23 12:15:09.473,Metasploit/Nuclei
CVE-2023-30534,4.3,0.09326,"Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
",2023-09-05 22:15:08.240,Nuclei
CVE-2023-30625,8.8,0.93829,"rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.",2023-06-16 17:15:11.950,Metasploit/Nuclei
CVE-2023-3077,9.8,0.05861,"The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.",2023-07-10 16:15:54.913,Nuclei
CVE-2023-30777,6.1,0.00592,"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.",2023-05-10 06:15:18.520,Nuclei
CVE-2023-3079,8.8,0.01303,Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2023-06-05 22:15:12.383,CISA
CVE-2023-30868,6.1,0.00138,Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions.,2023-05-18 09:15:10.437,Nuclei
CVE-2023-30943,5.3,0.0163,The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.,2023-05-02 20:15:10.943,Nuclei
CVE-2023-31059,7.5,0.00975,"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.",2023-04-24 03:15:07.333,Nuclei
CVE-2023-31446,9.8,0.01593,"In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.",2024-01-10 03:15:43.263,Nuclei
CVE-2023-31465,9.8,0.01966,"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.",2023-07-26 20:15:12.500,Nuclei
CVE-2023-31548,5.4,0.00098,A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.,2023-05-31 14:15:10.187,Nuclei
CVE-2023-32046,7.8,0.00145,Windows MSHTML Platform Elevation of Privilege Vulnerability,2023-07-11 18:15:13.313,CISA
CVE-2023-32049,8.8,0.0146,Windows SmartScreen Security Feature Bypass Vulnerability,2023-07-11 18:15:13.430,CISA
CVE-2023-32068,6.1,0.29955,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1 but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like `http:example.com` in the parameter would allow the redirect.  The issue has now been patched against all patterns that are known for performing redirects. This issue has been patched in XWiki 14.10.4 and 15.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2023-05-15 21:15:09.367,Nuclei
CVE-2023-32077,7.5,0.08931,"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6.  If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.",2023-08-24 22:15:08.077,Nuclei
CVE-2023-3219,5.3,0.11297,"The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.",2023-07-10 16:15:55.250,Nuclei
CVE-2023-32235,7.5,0.88841,Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.,2023-05-05 05:15:09.293,Nuclei
CVE-2023-32243,9.8,0.09673,Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.,2023-05-12 08:15:09.280,Nuclei
CVE-2023-32315,7.5,0.97346,"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.",2023-05-26 23:15:16.643,EPSS/CISA/Metasploit/Nuclei
CVE-2023-32373,8.8,0.00109,"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-06-23 18:15:12.007,CISA
CVE-2023-32409,8.6,0.02135,"The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.",2023-06-23 18:15:13.183,CISA
CVE-2023-32434,7.8,0.00073,"An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.",2023-06-23 18:15:13.720,CISA
CVE-2023-32435,8.8,0.0014,"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.",2023-06-23 18:15:13.767,CISA
CVE-2023-32439,8.8,0.00242,"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-06-23 18:15:13.813,CISA
CVE-2023-32560,9.8,0.46062,"An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.

Thanks to a Researcher at Tenable for finding and reporting.

Fixed in version 6.4.1.",2023-08-10 20:15:10.200,Metasploit
CVE-2023-32563,9.8,0.34508,An unauthenticated attacker could achieve the code execution through a RemoteControl server.,2023-08-10 20:15:10.437,Nuclei
CVE-2023-32707,8.8,0.89852,"In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.",2023-06-01 17:15:10.117,Metasploit
CVE-2023-32781,7.2,0.04221,A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H,2023-08-09 12:15:10.047,Metasploit
CVE-2023-33009,9.8,0.0255,"A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

",2023-05-24 13:15:09.560,CISA
CVE-2023-33010,9.8,0.0255,"A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.",2023-05-24 13:15:09.640,CISA
CVE-2023-33063,7.8,0.00064,Memory corruption in DSP Services during a remote call from HLOS to DSP.,2023-12-05 03:15:12.067,CISA
CVE-2023-33106,7.8,0.00064,Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.,2023-12-05 03:15:14.673,CISA
CVE-2023-33107,7.8,0.00064,Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.,2023-12-05 03:15:14.860,CISA
CVE-2023-33246,9.8,0.97332,"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. 

Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. 

To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .











",2023-05-24 15:15:09.553,EPSS/CISA/Metasploit/Nuclei
CVE-2023-33338,9.8,0.01425,Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.,2023-05-23 13:15:09.887,Nuclei
CVE-2023-33405,6.1,0.00077,Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.,2023-06-21 21:15:11.357,Nuclei
CVE-2023-33439,7.2,0.00728,Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.,2023-05-26 16:15:09.597,Nuclei
CVE-2023-33440,7.2,0.09538,Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.,2023-05-26 16:15:10.713,Nuclei
CVE-2023-3345,6.5,0.0037,"The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.",2023-07-31 10:15:10.653,Nuclei
CVE-2023-33510,7.5,0.00485,Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.,2023-06-07 20:15:09.877,Nuclei
CVE-2023-33568,7.5,0.56879,"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.",2023-06-13 15:15:14.147,Nuclei
CVE-2023-33625,9.8,0.00119,"D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.",2023-06-12 20:15:12.610,Metasploit
CVE-2023-33629,7.2,0.01991,H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.,2023-05-31 21:15:09.520,Nuclei
CVE-2023-3368,9.8,0.93387,Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.,2023-11-28 07:15:41.683,Nuclei
CVE-2023-33831,9.8,0.30706,A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.,2023-09-18 20:15:09.377,Nuclei
CVE-2023-34020,4.7,0.00076,"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.

",2024-03-27 14:15:08.683,Nuclei
CVE-2023-34039,9.8,0.94541,Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.,2023-08-29 18:15:08.680,Metasploit
CVE-2023-34048,9.8,0.04385,vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.,2023-10-25 18:17:27.897,CISA
CVE-2023-34124,9.8,0.05218,"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

",2023-07-13 01:15:08.723,Metasploit/Nuclei
CVE-2023-34127,8.8,0.00083,"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.",2023-07-13 01:15:08.893,Metasploit
CVE-2023-34132,9.8,0.00079,Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.,2023-07-13 03:15:09.533,Metasploit
CVE-2023-34133,7.5,0.0007,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.,2023-07-13 03:15:09.590,Metasploit
CVE-2023-34192,9.0,0.42097,Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.,2023-07-06 16:15:10.047,Nuclei
CVE-2023-34259,4.9,0.00559,"Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.",2023-11-03 04:15:20.853,Nuclei
CVE-2023-34362,9.8,0.9571,"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.",2023-06-02 14:15:09.487,EPSS/CISA/Metasploit/Nuclei
CVE-2023-34468,8.8,0.90665,"The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

The resolution validates the Database URL and rejects H2 JDBC locations.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.


",2023-06-12 16:15:10.130,Metasploit
CVE-2023-34537,5.4,0.00087,"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.",2023-06-13 21:15:10.210,Nuclei
CVE-2023-34598,9.8,0.03473,Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.,2023-06-29 15:15:09.530,Nuclei
CVE-2023-34599,6.1,0.00085,"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.",2023-06-29 15:15:09.570,Nuclei
CVE-2023-3460,9.8,0.0756,"The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.",2023-07-04 08:15:10.573,Nuclei
CVE-2023-34634,7.8,0.92059,Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.,2023-08-01 14:15:10.070,Metasploit
CVE-2023-34659,9.8,0.3782,jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.,2023-06-16 18:15:09.437,Nuclei
CVE-2023-34751,9.8,0.02408,bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.,2023-06-14 14:15:10.490,Nuclei
CVE-2023-34752,9.8,0.14424,bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.,2023-06-14 14:15:10.533,Nuclei
CVE-2023-34753,9.8,0.02408,bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.,2023-06-14 14:15:10.573,Nuclei
CVE-2023-34755,9.8,0.02408,bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.,2023-06-14 14:15:10.660,Nuclei
CVE-2023-34756,9.8,0.02408,bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.,2023-06-14 14:15:10.707,Nuclei
CVE-2023-3479,6.1,0.00076,Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.,2023-06-30 10:15:09.567,Nuclei
CVE-2023-34843,7.5,0.0043,Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request.,2023-06-29 00:15:09.670,Nuclei
CVE-2023-34960,9.8,0.92226,A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.,2023-08-01 02:15:10.307,Metasploit/Nuclei
CVE-2023-34993,9.8,0.97126,A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.,2023-10-10 17:15:11.670,EPSS/Nuclei
CVE-2023-35078,9.8,0.96833,An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.,2023-07-25 07:15:10.897,EPSS/CISA/Nuclei
CVE-2023-35081,7.2,0.67221,"A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3,  11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.",2023-08-03 18:15:11.303,CISA
CVE-2023-35082,9.8,0.96787,"An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.",2023-08-15 16:15:11.633,EPSS/CISA/Nuclei
CVE-2023-35158,6.1,0.62445,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. ",2023-06-23 19:15:09.420,Nuclei
CVE-2023-35162,6.1,0.67018,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as: > <hostname>/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain). This vulnerability exists since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.",2023-06-23 19:15:09.720,Nuclei
CVE-2023-3519,9.8,0.91217,"Unauthenticated remote code execution
",2023-07-19 18:15:11.513,CISA/Metasploit
CVE-2023-35311,8.8,0.01471,Microsoft Outlook Security Feature Bypass Vulnerability,2023-07-11 18:15:17.177,CISA
CVE-2023-35674,7.8,0.00064,"In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",2023-09-11 21:15:42.193,CISA
CVE-2023-35813,9.8,0.85097,"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.",2023-06-17 23:15:09.137,Nuclei
CVE-2023-35843,7.5,0.06468,"NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.",2023-06-19 18:15:09.830,Nuclei
CVE-2023-35844,7.5,0.16114,"packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.",2023-06-19 02:15:08.903,Nuclei
CVE-2023-35885,9.8,0.48073,CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.,2023-06-20 20:15:09.687,Nuclei
CVE-2023-36025,8.8,0.00457,Windows SmartScreen Security Feature Bypass Vulnerability,2023-11-14 18:15:31.867,CISA
CVE-2023-36033,7.8,0.00043,Windows DWM Core Library Elevation of Privilege Vulnerability,2023-11-14 18:15:32.677,CISA
CVE-2023-36036,7.8,0.00043,Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability,2023-11-14 18:15:33.033,CISA
CVE-2023-36144,7.5,0.03381,"An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.",2023-06-30 23:15:10.223,Nuclei
CVE-2023-36284,7.5,0.00721,"An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.",2023-06-23 16:15:09.573,Nuclei
CVE-2023-36287,6.1,0.0009,An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.,2023-06-23 16:15:09.630,Nuclei
CVE-2023-36289,6.1,0.0009,An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.,2023-06-23 15:15:10.537,Nuclei
CVE-2023-36306,6.1,0.00385,"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.",2023-08-08 15:15:10.400,Nuclei
CVE-2023-36346,6.1,0.00107,POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.,2023-06-23 20:15:09.473,Nuclei
CVE-2023-36347,7.5,0.01495,A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.,2023-06-30 02:15:09.347,Nuclei
CVE-2023-36563,6.5,0.00187,Microsoft WordPad Information Disclosure Vulnerability,2023-10-10 18:15:13.003,CISA
CVE-2023-36584,5.4,0.00104,Windows Mark of the Web Security Feature Bypass Vulnerability,2023-10-10 18:15:14.280,CISA
CVE-2023-36661,7.5,0.00063,"Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)",2023-06-25 22:15:21.403,Metasploit
CVE-2023-36761,6.5,0.00384,Microsoft Word Information Disclosure Vulnerability,2023-09-12 17:15:11.987,CISA
CVE-2023-36802,7.8,0.0008,Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability,2023-09-12 17:15:15.487,CISA
CVE-2023-36812,9.8,0.00622,"OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in  commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gunuplot via the config option`tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`.",2023-06-30 23:15:10.287,Metasploit
CVE-2023-36844,5.3,0.70078,"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.

Using a crafted request an attacker is able to modify 

certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:



  *  All versions prior to 20.4R3-S9;
  *  21.1 versions 21.1R1 and later;
  *  21.2 versions prior to 21.2R3-S7;
  *  21.3 versions 

prior to 

 21.3R3-S5;
  *  21.4 versions 

prior to 

21.4R3-S5;
  *  22.1 versions 

prior to 

22.1R3-S4;
  *  22.2 versions 

prior to 

22.2R3-S2;
  *  22.3 versions 

prior to 22.3R3-S1;
  *  22.4 versions 

prior to 

22.4R2-S2, 22.4R3;
  *  23.2 versions prior to 

23.2R1-S1, 23.2R2.




",2023-08-17 20:15:10.267,CISA/Nuclei
CVE-2023-36845,9.8,0.96462,"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series 

and SRX Series 

allows an unauthenticated, network-based attacker to remotely execute code.

Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.


This issue affects Juniper Networks Junos OS on EX Series


and 


SRX Series:



  *  All versions prior to 

20.4R3-S9;
  *  21.1 versions 21.1R1 and later;
  *  21.2 versions prior to 21.2R3-S7;
  *  21.3 versions prior to 21.3R3-S5;
  *  21.4 versions prior to 21.4R3-S5;
  *  22.1 versions 

prior to 

22.1R3-S4;
  *  22.2 versions 

prior to 

22.2R3-S2;
  *  22.3 versions 

prior to 

22.3R2-S2, 22.3R3-S1;
  *  22.4 versions 

prior to 

22.4R2-S1, 22.4R3;
  *  23.2 versions prior to 23.2R1-S1, 23.2R2.




",2023-08-17 20:15:10.360,EPSS/CISA/Metasploit/Nuclei
CVE-2023-36846,5.3,0.02685,"A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.



With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of 

integrity

for a certain 

part of the file system, which may allow chaining to other vulnerabilities.


This issue affects Juniper Networks Junos OS on SRX Series:



  *  All versions prior to 20.4R3-S8;
  *  21.1 versions 21.1R1 and later;
  *  21.2 versions prior to 21.2R3-S6;
  *  21.3 versions 

prior to 

 21.3R3-S5;
  *  21.4 versions 

prior to 

21.4R3-S5;
  *  22.1 versions 

prior to 

22.1R3-S3;
  *  22.2 versions 

prior to 

22.2R3-S2;
  *  22.3 versions 

prior to 

22.3R2-S2, 22.3R3;
  *  22.4 versions 

prior to 

22.4R2-S1, 22.4R3.




",2023-08-17 20:15:10.457,CISA
CVE-2023-36847,5.3,0.02685,"A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.





With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of 

integrity

for a certain 

part of the file system, which may allow chaining to other vulnerabilities.


This issue affects Juniper Networks Junos OS on EX Series:



  *  All versions prior to 20.4R3-S8;
  *  21.1 versions 21.1R1 and later;
  *  21.2 versions prior to 21.2R3-S6;
  *  21.3 versions 

prior to 

 21.3R3-S5;
  *  21.4 versions 

prior to 

21.4R3-S4;
  *  22.1 versions 

prior to 

22.1R3-S3;
  *  22.2 versions 

prior to 

22.2R3-S1;
  *  22.3 versions 

prior to 

22.3R2-S2, 22.3R3;
  *  22.4 versions 

prior to 

22.4R2-S1, 22.4R3.




",2023-08-17 20:15:10.553,CISA
CVE-2023-36851,5.3,0.00618,"A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.



With a specific request to 

webauth_operation.php

that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of 

integrity or confidentiality, which may allow chaining to other vulnerabilities.


This issue affects Juniper Networks Junos OS on SRX Series:



  *  

21.2 versions prior to 21.2R3-S8;
  *  21.4 

versions prior to 

21.4R3-S6;
  *  22.1 

versions prior to 

22.1R3-S5;
  *  22.2 

versions prior to 

22.2R3-S3;
  *  22.3 

versions prior to 

22.3R3-S2;
  *  22.4 versions prior to 22,4R2-S2, 22.4R3;
  *  23.2 versions prior to 

23.2R1-S2, 23.2R2.


",2023-09-27 15:18:54.877,CISA
CVE-2023-36874,7.8,0.00209,Windows Error Reporting Service Elevation of Privilege Vulnerability,2023-07-11 18:15:20.733,CISA/Metasploit
CVE-2023-36884,7.5,0.2269,Windows Search Remote Code Execution Vulnerability,2023-07-11 19:15:09.623,CISA
CVE-2023-36934,9.1,0.15264,"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.",2023-07-05 16:15:09.793,Nuclei
CVE-2023-3710,9.8,0.70969,"Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

",2023-09-12 20:15:09.387,Nuclei
CVE-2023-37265,9.8,0.0361,"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. ",2023-07-17 21:15:09.653,Nuclei
CVE-2023-37266,9.8,0.03649,"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.",2023-07-17 21:15:09.733,Nuclei
CVE-2023-37270,8.8,0.03065,"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.",2023-07-07 22:15:09.570,Nuclei
CVE-2023-37450,8.8,0.00157,"The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-07-27 00:15:15.497,CISA
CVE-2023-37462,8.8,0.52332,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations.",2023-07-14 21:15:08.820,Nuclei
CVE-2023-37474,7.5,0.05541,"Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2023-07-14 20:15:09.083,Nuclei
CVE-2023-37580,6.1,0.30056,Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.,2023-07-31 16:15:10.327,CISA/Nuclei
CVE-2023-37629,9.8,0.10408,"Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to ""add-pig.php.""",2023-07-12 17:15:08.777,Nuclei
CVE-2023-37645,5.3,0.00986,eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.,2023-07-20 22:15:10.307,Nuclei
CVE-2023-3765,10.0,0.01217,Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.,2023-07-19 01:15:10.847,Nuclei
CVE-2023-37679,9.8,0.03822,A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.,2023-08-03 03:15:10.697,Metasploit/Nuclei
CVE-2023-37728,6.1,0.00331,IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.,2023-07-20 18:15:12.110,Nuclei
CVE-2023-37941,6.6,0.00225,"If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.

The Superset metadata db is an 'internal' component that is typically 
only accessible directly by the system administrator and the superset 
process itself. Gaining access to that database should
 be difficult and require significant privileges.

This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.

",2023-09-06 14:15:10.483,Metasploit
CVE-2023-37979,6.1,0.00099,Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.,2023-07-27 15:15:11.507,Nuclei
CVE-2023-38035,9.8,0.97487,"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. ",2023-08-21 17:15:47.457,EPSS/CISA/Metasploit/Nuclei
CVE-2023-38096,0.0,0.00047,"NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19718.",2024-05-03 02:15:52.070,Metasploit
CVE-2023-38098,0.0,0.00046,"NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.",2024-05-03 02:15:52.453,Metasploit
CVE-2023-38146,8.8,0.90521,Windows Themes Remote Code Execution Vulnerability,2023-09-12 17:15:17.807,Metasploit
CVE-2023-38180,7.5,0.0071,.NET and Visual Studio Denial of Service Vulnerability,2023-08-08 19:15:10.367,CISA
CVE-2023-38194,6.1,0.00071,An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.,2023-10-21 01:15:08.047,Nuclei
CVE-2023-38203,9.8,0.96882,"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.",2023-07-20 16:15:12.180,EPSS/CISA/Nuclei
CVE-2023-38205,7.5,0.94544,"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.",2023-09-14 08:15:07.767,CISA/Nuclei
CVE-2023-3836,9.8,0.02862,A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-07-22 18:15:10.887,Nuclei
CVE-2023-3843,6.1,0.00382,A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.,2023-07-23 05:15:08.837,Nuclei
CVE-2023-38433,7.5,0.00286,"Fujitsu Real-time Video Transmission Gear ""IP series"" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.",2023-07-26 08:15:10.227,Nuclei
CVE-2023-3844,6.1,0.00382,A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235195. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.,2023-07-23 06:15:09.637,Nuclei
CVE-2023-3845,6.1,0.00382,A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.,2023-07-23 06:15:09.837,Nuclei
CVE-2023-3846,6.1,0.00382,A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.,2023-07-23 07:15:09.247,Nuclei
CVE-2023-3847,6.1,0.00382,A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.,2023-07-23 08:15:09.243,Nuclei
CVE-2023-3848,6.1,0.00382,"A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.",2023-07-23 08:15:09.323,Nuclei
CVE-2023-3849,6.1,0.00382,"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.",2023-07-23 09:15:09.713,Nuclei
CVE-2023-38501,6.1,0.00213,"copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.",2023-07-25 22:15:10.600,Nuclei
CVE-2023-38606,5.5,0.00255,"This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.",2023-07-27 00:15:16.173,CISA
CVE-2023-38646,9.8,0.89858,"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.",2023-07-21 15:15:10.003,Metasploit/Nuclei
CVE-2023-38831,7.8,0.34609,"RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.",2023-08-23 17:15:43.863,CISA/Metasploit
CVE-2023-38836,8.8,0.67266,File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.,2023-08-21 17:15:47.633,Metasploit
CVE-2023-38964,6.1,0.00071,Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.,2023-08-04 16:15:10.697,Nuclei
CVE-2023-39002,6.1,0.0007,A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.,2023-08-09 19:15:14.900,Nuclei
CVE-2023-39026,7.5,0.04366,Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.,2023-08-22 22:15:08.640,Nuclei
CVE-2023-39108,8.8,0.04707,rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.,2023-08-01 14:15:10.137,Nuclei
CVE-2023-39109,8.8,0.04707,rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.,2023-08-01 14:15:10.193,Nuclei
CVE-2023-39110,8.8,0.04707,rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.,2023-08-01 14:15:10.247,Nuclei
CVE-2023-39141,7.5,0.00675,webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.,2023-08-22 19:16:39.563,Nuclei
CVE-2023-39143,9.8,0.94476,"PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).",2023-08-04 17:15:11.510,Nuclei
CVE-2023-39265,6.5,0.00126,"Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.",2023-09-06 14:15:10.687,Metasploit
CVE-2023-3936,6.1,0.00071,"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2023-08-21 17:15:49.967,Nuclei
CVE-2023-39361,9.8,0.52118,"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2023-09-05 21:15:46.880,Nuclei
CVE-2023-39598,6.1,0.08752,Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.,2023-09-05 18:15:10.900,Nuclei
CVE-2023-39600,6.1,0.00071,IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.,2023-08-25 20:15:08.380,Nuclei
CVE-2023-39676,6.1,0.0021,FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.,2023-09-08 14:15:11.293,Nuclei
CVE-2023-39677,7.5,0.04011,MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.,2023-09-20 21:15:11.627,Nuclei
CVE-2023-39700,6.1,0.00103,IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.,2023-08-25 00:15:09.693,Nuclei
CVE-2023-39796,9.8,0.05063,SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.,2023-11-10 06:15:30.410,Nuclei
CVE-2023-40044,8.8,0.88627,"
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.  

",2023-09-27 15:18:57.307,CISA/Metasploit
CVE-2023-40208,6.1,0.00071,Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar Urošević Stock Ticker plugin <= 3.23.3 versions.,2023-09-04 11:15:41.227,Nuclei
CVE-2023-40315,8.0,0.00043,"In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.",2023-08-17 20:15:11.287,Metasploit
CVE-2023-40355,5.4,0.00587,"Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.",2024-02-07 08:15:40.973,Nuclei
CVE-2023-40498,0.0,0.00128,"LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19925.",2024-05-03 03:15:24.027,Metasploit
CVE-2023-40779,6.1,0.13105,An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.,2023-09-14 18:15:09.253,Nuclei
CVE-2023-41061,7.8,0.0007,"A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-09-07 18:15:07.617,CISA
CVE-2023-41064,7.8,0.0033,"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-09-07 18:15:07.727,CISA
CVE-2023-4110,6.1,0.00261,A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-03 03:15:10.830,Nuclei
CVE-2023-41109,9.8,0.35773,SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.,2023-08-28 20:15:08.273,Nuclei
CVE-2023-4111,6.1,0.00261,A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-03 04:15:10.977,Nuclei
CVE-2023-4112,6.1,0.00229,A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-03 05:15:10.817,Nuclei
CVE-2023-4113,6.1,0.0027,A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-03 05:15:10.930,Nuclei
CVE-2023-4114,6.1,0.00401,A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-03 06:15:10.547,Nuclei
CVE-2023-4115,6.1,0.0027,A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-03 06:15:10.710,Nuclei
CVE-2023-4116,6.1,0.0027,A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-03 07:15:13.290,Nuclei
CVE-2023-41179,7.2,0.00657,"A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.

Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.",2023-09-19 14:15:21.343,CISA
CVE-2023-41265,9.9,0.92032,"An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.",2023-08-29 23:15:09.170,CISA/Nuclei
CVE-2023-41266,6.5,0.87409,"A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.",2023-08-29 23:15:09.380,CISA/Nuclei
CVE-2023-4148,6.1,0.00071,"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",2023-09-25 16:15:14.760,Nuclei
CVE-2023-41538,6.1,0.00098,phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.,2023-08-30 14:15:11.023,Nuclei
CVE-2023-41642,6.1,0.00069,Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.,2023-08-31 14:15:09.033,Nuclei
CVE-2023-4168,7.5,0.09433,A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-05 18:15:09.563,Nuclei
CVE-2023-4169,8.8,0.00941,A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-05 18:15:17.850,Nuclei
CVE-2023-4173,6.1,0.00189,"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.",2023-08-06 00:15:10.103,Nuclei
CVE-2023-4174,6.1,0.00305,A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.,2023-08-06 01:15:08.820,Nuclei
CVE-2023-41763,5.3,0.04262,Skype for Business Elevation of Privilege Vulnerability,2023-10-10 18:15:18.150,CISA/Nuclei
CVE-2023-41892,9.8,0.87286,"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.",2023-09-13 20:15:08.187,Metasploit/Nuclei
CVE-2023-41990,7.8,0.00073,"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.",2023-09-12 00:15:09.463,CISA
CVE-2023-41991,5.5,0.01724,"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",2023-09-21 19:15:11.283,CISA
CVE-2023-41992,7.8,0.00062,"The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",2023-09-21 19:15:11.520,CISA
CVE-2023-41993,9.8,0.00313,The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.,2023-09-21 19:15:11.660,CISA
CVE-2023-4211,5.5,0.21262,"A local non-privileged user can make improper GPU memory processing operations  to gain access to already freed memory.

",2023-10-01 18:15:09.927,CISA
CVE-2023-42442,5.3,0.83059,"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).
",2023-09-15 21:15:11.867,Nuclei
CVE-2023-42793,9.8,0.97043,In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible,2023-09-19 17:15:08.330,EPSS/CISA/Metasploit/Nuclei
CVE-2023-42824,7.8,0.00062,The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.,2023-10-04 19:15:10.490,CISA
CVE-2023-42916,6.5,0.00112,"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.",2023-11-30 23:15:07.223,CISA
CVE-2023-42917,8.8,0.00144,"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.",2023-11-30 23:15:07.280,CISA
CVE-2023-43177,9.8,0.9593,CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.,2023-11-18 00:15:07.073,EPSS/Metasploit/Nuclei
CVE-2023-43187,9.8,0.28744,A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.,2023-09-27 15:19:33.370,Nuclei
CVE-2023-43208,9.8,0.95605,NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.,2023-10-26 17:15:09.033,EPSS/CISA/Metasploit/Nuclei
CVE-2023-43261,7.5,0.00685,"An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.",2023-10-04 12:15:10.627,Nuclei
CVE-2023-43325,6.1,0.15483,A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.,2023-09-26 00:15:10.593,Nuclei
CVE-2023-43326,6.1,0.00632,A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.,2023-09-25 22:15:10.943,Nuclei
CVE-2023-43374,9.8,0.00931,Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.,2023-09-20 19:15:12.350,Nuclei
CVE-2023-43472,7.5,0.01194,An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.,2023-12-05 07:15:07.667,Nuclei
CVE-2023-43654,9.8,0.00144,"TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.",2023-09-28 23:15:09.627,Metasploit
CVE-2023-43770,6.1,0.11341,"Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.",2023-09-22 06:15:10.090,CISA
CVE-2023-43795,9.8,0.13586,GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.,2023-10-25 18:17:32.180,Nuclei
CVE-2023-4415,8.8,0.00464,A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-18 16:15:11.163,Nuclei
CVE-2023-44352,6.1,0.00612,"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.",2023-11-17 14:15:21.693,Nuclei
CVE-2023-44353,9.8,0.00548,Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.,2023-11-17 14:15:21.890,Nuclei
CVE-2023-44487,7.5,0.73185,"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",2023-10-10 14:15:10.883,CISA
CVE-2023-4451,6.1,0.00157,Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.,2023-08-20 15:15:29.760,Nuclei
CVE-2023-44812,6.1,0.00888,Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.,2023-10-09 21:15:10.227,Nuclei
CVE-2023-44813,6.1,0.00888,Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.,2023-10-09 21:15:10.273,Nuclei
CVE-2023-45136,9.6,0.59796,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.",2023-10-25 20:15:12.007,Nuclei
CVE-2023-4521,9.8,0.0506,"The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.",2023-09-25 16:15:15.297,Nuclei
CVE-2023-45375,8.8,0.05769,"In the module ""PireosPay"" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`",2023-10-17 05:15:50.733,Nuclei
CVE-2023-4542,9.8,0.9242,A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-25 22:15:11.457,Nuclei
CVE-2023-4547,6.1,0.0025,A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.,2023-08-26 09:15:09.057,Nuclei
CVE-2023-45498,9.8,0.00297,"VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.",2023-10-27 04:15:10.487,Metasploit
CVE-2023-45499,9.8,0.00137,"VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.",2023-10-27 04:15:10.617,Metasploit
CVE-2023-45542,6.1,0.00109,Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.,2023-10-16 21:15:11.517,Nuclei
CVE-2023-45671,4.7,0.01447,"Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.",2023-10-30 23:15:08.620,Nuclei
CVE-2023-4568,6.5,0.02206,"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.",2023-09-13 21:15:07.807,Nuclei
CVE-2023-45852,9.8,0.08001,"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.",2023-10-14 02:15:09.270,Nuclei
CVE-2023-45855,7.5,0.00318,qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.,2023-10-14 05:15:55.313,Nuclei
CVE-2023-4596,9.8,0.10621,"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",2023-08-30 02:15:09.353,Nuclei
CVE-2023-46214,8.8,0.36329,"In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.",2023-11-16 21:15:08.630,Metasploit
CVE-2023-4634,9.8,0.0216,"The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.",2023-09-06 09:15:08.873,Nuclei
CVE-2023-46347,9.8,0.06613,"In the module ""Step by Step products Pack"" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.",2023-10-25 18:17:37.697,Nuclei
CVE-2023-46359,9.8,0.12781,"An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.",2024-02-06 01:15:07.877,Nuclei
CVE-2023-46574,9.8,0.39319,An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.,2023-10-25 18:17:39.780,Nuclei
CVE-2023-46604,9.8,0.93136,"The Java OpenWire protocol marshaller is vulnerable to Remote Code 
Execution. This vulnerability may allow a remote attacker with network 
access to either a Java-based OpenWire broker or client to run arbitrary
 shell commands by manipulating serialized class types in the OpenWire 
protocol to cause either the client or the broker (respectively) to 
instantiate any class on the classpath.

Users are recommended to upgrade
 both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 
which fixes this issue.

",2023-10-27 15:15:14.017,CISA/Metasploit
CVE-2023-46732,6.1,0.00486,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.",2023-11-06 19:15:09.397,Nuclei
CVE-2023-46747,9.8,0.9721,"


Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

",2023-10-26 21:15:08.097,EPSS/CISA/Metasploit/Nuclei
CVE-2023-46748,8.8,0.00731,"An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which 

may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",2023-10-26 21:15:08.177,CISA
CVE-2023-46805,8.2,0.95867,"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.",2024-01-12 17:15:09.530,EPSS/CISA/Metasploit/Nuclei
CVE-2023-46944,7.8,0.00266,An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component.,2023-11-28 22:15:06.937,Metasploit
CVE-2023-47115,5.4,0.02336,"Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image.

The file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django's built-in `serve` view, which is not secure for production use according to Django's documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed.

Version 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django's `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs.",2024-01-23 23:15:08.100,Nuclei
CVE-2023-4714,7.5,0.60454,A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-09-01 20:15:08.890,Nuclei
CVE-2023-47211,8.6,0.00085,A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.,2024-01-08 15:15:25.287,Nuclei
CVE-2023-47218,5.8,0.00305,"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
",2024-02-13 03:15:07.700,Metasploit/Nuclei
CVE-2023-47246,9.8,0.94303,"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.",2023-11-10 06:15:30.510,CISA/Nuclei
CVE-2023-47565,8.8,0.01453,"An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.

We have already fixed the vulnerability in the following versions:

QVR Firmware 5.0.0 and later

",2023-12-08 16:15:16.367,CISA
CVE-2023-4762,8.8,0.77068,Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High),2023-09-05 22:15:09.677,CISA
CVE-2023-47643,5.3,0.4037,"SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds.",2023-11-21 20:15:07.270,Nuclei
CVE-2023-48023,9.1,0.32584,"Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment",2023-11-28 08:15:07.060,Nuclei
CVE-2023-48084,9.8,0.08059,Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.,2023-12-14 07:15:08.890,Nuclei
CVE-2023-48241,7.5,0.50787,"XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available.",2023-11-20 18:15:07.440,Nuclei
CVE-2023-4863,8.8,0.6501,Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical),2023-09-12 15:15:24.327,CISA
CVE-2023-48777,9.9,0.00054,"Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

",2024-03-26 21:15:52.350,Nuclei
CVE-2023-48788,9.8,0.71085,"A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.",2024-03-12 15:15:46.973,CISA/Metasploit
CVE-2023-48795,5.9,0.96252,"The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",2023-12-18 16:15:10.897,EPSS
CVE-2023-49070,9.8,0.79804,"
Pre-auth RCE in Apache Ofbiz 18.12.09.

It's due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10. 
Users are recommended to upgrade to version 18.12.10

",2023-12-05 08:15:07.443,Metasploit/Nuclei
CVE-2023-49084,8.8,0.00071,"Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. ",2023-12-21 23:15:09.337,Metasploit
CVE-2023-49085,8.8,0.00117,"Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.",2023-12-22 17:15:07.990,Metasploit
CVE-2023-49103,7.5,0.85996,"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.",2023-11-21 22:15:08.277,CISA/Metasploit/Nuclei
CVE-2023-4911,7.8,0.01388,A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.,2023-10-03 18:15:10.463,CISA/Metasploit
CVE-2023-4966,7.5,0.97129,"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 



",2023-10-10 14:15:10.977,EPSS/CISA/Metasploit/Nuclei
CVE-2023-4973,6.1,0.00235,A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-09-15 02:15:08.367,Nuclei
CVE-2023-4974,9.8,0.02973,A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-09-15 03:15:09.393,Nuclei
CVE-2023-49785,9.1,0.00049,"NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.
",2024-03-12 00:15:26.383,Nuclei
CVE-2023-49897,8.8,0.00976,"An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.",2023-12-06 07:15:41.883,CISA
CVE-2023-5003,7.5,0.00464,"The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.",2023-10-16 20:15:17.490,Nuclei
CVE-2023-50290,6.5,0.06308,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.
The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess.

The Solr Metrics API is protected by the ""metrics-read"" permission.
Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the ""metrics-read"" permission.
This issue affects Apache Solr: from 9.0.0 before 9.3.0.

Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.

",2024-01-15 10:15:26.527,Nuclei
CVE-2023-50386,8.8,0.87086,"Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.

In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.
When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).
If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.

When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.
Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.
In these versions, the following protections have been added:

  *  Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
  *  The Backup API restricts saving backups to directories that are used in the ClassLoader.

",2024-02-09 18:15:08.540,Metasploit
CVE-2023-50445,7.8,0.00042,"Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.",2023-12-28 05:15:08.427,Metasploit
CVE-2023-50719,7.5,0.33317,"XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable for the attacker. Normally, such passwords aren't accessible but this vulnerability would disclose them as plain text.  This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
",2023-12-15 19:15:09.247,Nuclei
CVE-2023-50720,5.3,0.00749,"XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.
",2023-12-15 19:15:09.463,Nuclei
CVE-2023-5074,9.8,0.01832,Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28,2023-09-20 16:15:12.750,Nuclei
CVE-2023-5089,5.3,0.00231,"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.",2023-10-16 20:15:17.737,Nuclei
CVE-2023-50917,9.8,0.70435,MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.,2023-12-15 17:15:12.840,Metasploit/Nuclei
CVE-2023-50919,9.8,0.00106,"An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.",2024-01-12 08:15:43.533,Metasploit
CVE-2023-50968,7.5,0.26928,"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.

The same uri can be operated to realize a SSRF attack also  without  authorizations.

Users are recommended to upgrade to version 18.12.11, which fixes this issue.",2023-12-26 12:15:07.287,Nuclei
CVE-2023-51449,7.5,0.0308,"Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.",2023-12-22 21:15:09.000,Nuclei
CVE-2023-51467,9.8,0.57138,"The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code

",2023-12-26 15:15:08.853,Metasploit/Nuclei
CVE-2023-52085,5.4,0.00267,"Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.",2023-12-29 00:15:50.300,Nuclei
CVE-2023-5217,8.8,0.24503,Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2023-09-28 16:15:10.980,CISA
CVE-2023-52251,8.8,0.02649,An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.,2024-01-25 21:15:08.787,Metasploit
CVE-2023-5244,6.1,0.0019,Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.,2023-09-28 01:15:09.060,Nuclei
CVE-2023-5360,9.8,0.91126,"The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.",2023-10-31 14:15:12.773,Metasploit/Nuclei
CVE-2023-5375,6.1,0.00092,Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.,2023-10-04 09:15:31.980,Nuclei
CVE-2023-5556,6.1,0.00071,Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.,2023-10-12 11:15:23.873,Nuclei
CVE-2023-5612,5.3,0.00463,"An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.",2024-01-26 02:15:07.357,Metasploit
CVE-2023-5631,5.4,0.0068,"
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker

to load arbitrary JavaScript code.







",2023-10-18 15:15:08.727,CISA
CVE-2023-5830,9.8,0.00465,A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.,2023-10-27 21:15:10.003,Nuclei
CVE-2023-5914,6.1,0.00095,  Cross-site scripting (XSS),2024-01-17 21:15:11.413,Nuclei
CVE-2023-5991,9.8,0.17214,"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server",2023-12-26 19:15:08.213,Nuclei
CVE-2023-6018,9.8,0.86232,An attacker can overwrite any file on the server hosting MLflow without any authentication.,2023-11-16 16:15:34.880,Nuclei
CVE-2023-6020,7.5,0.07142,LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.,2023-11-16 21:15:09.443,Nuclei
CVE-2023-6021,7.5,0.00374,LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023,2023-11-16 17:15:09.020,Nuclei
CVE-2023-6023,7.5,0.003,An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.,2023-11-16 16:15:35.057,Nuclei
CVE-2023-6038,7.5,0.07142,"A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3.",2023-11-16 17:15:09.373,Nuclei
CVE-2023-6063,7.5,0.02974,"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.",2023-12-04 22:15:08.337,Nuclei
CVE-2023-6065,5.3,0.00118,"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code",2023-12-18 20:15:08.750,Nuclei
CVE-2023-6114,7.5,0.01252,"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.",2023-12-26 19:15:08.260,Nuclei
CVE-2023-6345,9.6,0.07353,Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High),2023-11-29 12:15:07.077,CISA
CVE-2023-6360,9.8,0.01137,"The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.",2023-11-30 16:15:11.820,Nuclei
CVE-2023-6379,6.1,0.00075,"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.",2023-12-13 11:15:07.100,Nuclei
CVE-2023-6380,6.1,0.00985,Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.,2023-12-13 11:15:07.630,Nuclei
CVE-2023-6389,6.1,0.00287,"The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the ""wptbto"" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.",2024-01-29 15:15:09.410,Nuclei
CVE-2023-6448,9.8,0.06843,"Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
",2023-12-05 18:15:12.643,CISA
CVE-2023-6505,7.5,0.00266,The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.,2024-01-08 19:15:10.230,Nuclei
CVE-2023-6548,8.8,0.01568,"Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.",2024-01-17 20:15:50.627,CISA
CVE-2023-6549,7.5,0.00773,"Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
",2024-01-17 21:15:11.690,CISA
CVE-2023-6553,9.8,0.92851,"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.",2023-12-15 11:15:47.837,Metasploit/Nuclei
CVE-2023-6567,7.5,0.15494,"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-01-11 09:15:49.407,Nuclei
CVE-2023-6623,9.8,0.09254,"The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.",2024-01-15 16:15:12.573,Nuclei
CVE-2023-6634,9.8,0.29824,"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.",2024-01-11 09:15:50.437,Nuclei
CVE-2023-6831,8.1,0.00207,Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.,2023-12-15 01:15:08.140,Nuclei
CVE-2023-6875,9.8,0.03287,"The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.",2024-01-11 09:15:52.773,Nuclei
CVE-2023-6895,9.8,0.92039,A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.,2023-12-17 08:15:07.173,Nuclei
CVE-2023-6909,7.5,0.00494,Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.,2023-12-18 04:15:52.367,Nuclei
CVE-2023-6977,7.5,0.00494,This vulnerability enables malicious users to read sensitive files on the server.,2023-12-20 06:15:45.907,Nuclei
CVE-2023-6989,9.8,0.15393,"The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.",2024-02-05 22:15:58.603,Nuclei
CVE-2023-7024,8.8,0.00696,Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2023-12-21 23:15:11.213,CISA
CVE-2023-7028,7.5,0.96023,"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.",2024-01-12 14:15:49.420,EPSS/CISA/Metasploit/Nuclei
CVE-2023-7101,7.8,0.05321,"Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. 
",2023-12-24 22:15:07.983,CISA
CVE-2024-0195,9.8,0.85253,"A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.",2024-01-02 21:15:10.003,Nuclei
CVE-2024-0200,9.8,0.04605,"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.

",2024-01-16 19:15:08.667,Nuclei
CVE-2024-0204,9.8,0.50096,Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.,2024-01-22 18:15:20.137,Metasploit/Nuclei
CVE-2024-0235,5.3,0.00506,"The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog",2024-01-16 16:15:14.327,Nuclei
CVE-2024-0250,0.0,0.00053,The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.,2024-02-12 16:15:08.500,Nuclei
CVE-2024-0305,7.5,0.0103,A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.,2024-01-08 09:15:21.240,Nuclei
CVE-2024-0337,0.0,0.00053,The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.,2024-03-20 05:15:45.387,Nuclei
CVE-2024-0352,9.8,0.00714,A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120.,2024-01-09 23:15:10.403,Nuclei
CVE-2024-0519,8.8,0.00179,Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2024-01-16 22:15:37.753,CISA
CVE-2024-0713,0.0,0.00872,Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28871. Reason: This candidate is a reservation duplicate of CVE-2020-28871. Notes: All CVE users should reference CVE-2020-28871 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.,2024-01-19 14:15:13.277,Nuclei
CVE-2024-0881,0.0,0.00053,"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel  WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts",2024-04-11 16:15:24.800,Nuclei
CVE-2024-0939,9.8,0.02744,A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2024-01-26 19:15:08.103,Nuclei
CVE-2024-1021,9.8,0.00939,"A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.",2024-01-29 22:15:08.553,Nuclei
CVE-2024-1061,9.8,0.00832,"The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the  'get_view' function.
",2024-01-30 09:15:48.367,Nuclei
CVE-2024-1071,9.8,0.00063,"The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-03-13 16:15:16.293,Nuclei
CVE-2024-1086,7.8,0.01089,"A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

",2024-01-31 13:15:10.827,CISA
CVE-2024-1183,0.0,0.00076,"An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.",2024-04-16 00:15:07.990,Nuclei
CVE-2024-1208,5.3,0.00968,"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.",2024-02-05 22:16:07.977,Nuclei
CVE-2024-1209,5.3,0.00953,"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.",2024-02-05 22:16:08.143,Nuclei
CVE-2024-1210,5.3,0.00953,"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.",2024-02-05 22:16:08.310,Nuclei
CVE-2024-1212,10.0,0.00213,"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.


",2024-02-21 18:15:50.417,Metasploit/Nuclei
CVE-2024-1380,5.3,0.00053,"The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.",2024-03-13 16:15:20.903,Nuclei
CVE-2024-1561,0.0,0.00087,"An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.",2024-04-16 00:15:08.887,Nuclei
CVE-2024-1698,9.8,0.00087,"The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-02-27 06:15:46.140,Nuclei
CVE-2024-1708,8.4,0.00049,"ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker 

the ability to execute remote code or directly impact confidential data or critical systems.

",2024-02-21 16:15:50.233,Metasploit
CVE-2024-1709,10.0,0.94612,"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel

 vulnerability, which may allow an attacker direct access to confidential information or 

critical systems.

",2024-02-21 16:15:50.420,CISA/Metasploit/Nuclei
CVE-2024-1728,0.0,0.00053,"gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.",2024-04-10 17:15:53.097,Nuclei
CVE-2024-1800,9.9,0.00046,"
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.",2024-03-20 13:15:11.980,Metasploit
CVE-2024-20353,8.6,0.00226,"A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

 This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.",2024-04-24 19:15:46.723,CISA
CVE-2024-20359,6.0,0.00128,"A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.

 This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.",2024-04-24 19:15:46.943,CISA
CVE-2024-2044,9.9,0.00163,"pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
",2024-03-07 21:15:08.767,Metasploit
CVE-2024-2054,0.0,0.00508,"The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the ""www-data"" user.",2024-03-21 02:52:27.320,Metasploit
CVE-2024-20767,8.2,0.08221,"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.",2024-03-18 12:15:06.870,Metasploit/Nuclei
CVE-2024-21338,7.8,0.01426,Windows Kernel Elevation of Privilege Vulnerability,2024-02-13 18:15:49.083,CISA
CVE-2024-21351,7.6,0.00351,Windows SmartScreen Security Feature Bypass Vulnerability,2024-02-13 18:15:51.333,CISA
CVE-2024-21410,9.8,0.07383,Microsoft Exchange Server Elevation of Privilege Vulnerability,2024-02-13 18:15:59.680,CISA
CVE-2024-21412,8.1,0.00226,Internet Shortcut Files Security Feature Bypass Vulnerability,2024-02-13 18:15:59.903,CISA
CVE-2024-21626,8.6,0.05062,"runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (""attack 2""). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (""attack 1""). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (""attack 3a"" and ""attack 3b""). runc 1.1.12 includes patches for this issue. ",2024-01-31 22:15:53.780,Metasploit
CVE-2024-21644,7.5,0.11812,"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.",2024-01-08 14:15:47.217,Nuclei
CVE-2024-21645,5.3,0.00611,"pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise, corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.
",2024-01-08 14:15:47.420,Nuclei
CVE-2024-21683,8.8,0.51143,"This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. 

Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html

You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.

This vulnerability was found internally.",2024-05-21 23:15:07.923,Nuclei
CVE-2024-21762,9.8,0.01842,"A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests",2024-02-09 09:15:08.087,CISA
CVE-2024-21887,9.1,0.96851,"A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)  allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.",2024-01-12 17:15:10.017,EPSS/CISA/Nuclei
CVE-2024-21893,8.2,0.96139,"A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.",2024-01-31 18:15:47.437,EPSS/CISA/Metasploit/Nuclei
CVE-2024-22024,8.3,0.00595,"An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.",2024-02-13 04:15:07.943,Nuclei
CVE-2024-22319,9.8,0.34739,"


IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.



",2024-02-02 03:15:10.573,Nuclei
CVE-2024-22320,8.8,0.48907,"IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM.  IBM X-Force ID:  279146.",2024-02-02 03:15:10.780,Nuclei
CVE-2024-22729,9.8,0.00479,NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.,2024-01-25 15:15:08.133,Metasploit
CVE-2024-22927,6.1,0.10809,Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.,2024-02-01 23:15:10.960,Nuclei
CVE-2024-23222,8.8,0.00133,"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.",2024-01-23 01:15:11.500,CISA
CVE-2024-23225,7.8,0.00207,"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.",2024-03-05 20:16:01.370,CISA
CVE-2024-23296,7.8,0.00156,A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.,2024-03-05 20:16:01.553,CISA
CVE-2024-23334,7.5,0.05171,"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present.  Disabling follow_symlinks and using a reverse proxy are encouraged mitigations.  Version 3.9.2 fixes this issue.",2024-01-29 23:15:08.563,Nuclei
CVE-2024-2340,5.3,0.00053,"The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.",2024-04-09 19:15:32.520,Nuclei
CVE-2024-23692,9.8,0.0021,"Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.",2024-05-31 10:15:09.330,Metasploit/Nuclei
CVE-2024-23759,9.8,0.37442,"Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via ""search"" parameter of the Parcelshopfinder/AddAddressBookEntry"" function.",2024-02-12 22:15:08.087,Metasploit
CVE-2024-2389,10.0,0.00305,"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.

",2024-04-02 13:15:51.693,Metasploit/Nuclei
CVE-2024-23897,9.8,0.9609,"Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.",2024-01-24 18:15:09.370,EPSS/Metasploit
CVE-2024-23917,9.8,0.04384,In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible,2024-02-06 10:15:09.280,Nuclei
CVE-2024-24112,9.8,0.00317,xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.,2024-02-06 01:15:09.700,Nuclei
CVE-2024-24131,6.1,0.00076,SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.,2024-02-07 14:15:52.770,Nuclei
CVE-2024-24565,6.5,0.05161,"CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.",2024-01-30 17:15:12.110,Nuclei
CVE-2024-24725,0.0,0.179,Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.,2024-03-23 23:15:07.193,Metasploit
CVE-2024-24919,8.6,0.94504,Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.,2024-05-28 19:15:10.060,CISA/Nuclei
CVE-2024-25600,10.0,0.0013,Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.,2024-06-04 13:15:51.183,Metasploit/Nuclei
CVE-2024-25641,9.1,0.00198,"Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the ""Package Import"" feature, allows authenticated users having the ""Import Templates"" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.",2024-05-14 15:05:50.423,Metasploit
CVE-2024-25735,0.0,0.00381,An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.,2024-03-27 03:15:12.150,Nuclei
CVE-2024-26169,7.8,0.00059,Windows Error Reporting Service Elevation of Privilege Vulnerability,2024-03-12 17:15:56.173,CISA
CVE-2024-2621,6.3,0.00065,A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.,2024-03-19 01:15:45.180,Nuclei
CVE-2024-26331,0.0,0.00053,"ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.",2024-04-30 19:15:23.200,Nuclei
CVE-2024-27198,9.8,0.9719,In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible,2024-03-04 18:15:09.040,EPSS/CISA/Metasploit/Nuclei
CVE-2024-27199,7.3,0.00896,In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions  was possible,2024-03-04 18:15:09.377,Nuclei
CVE-2024-27348,0.0,0.00087,"RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11

Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

",2024-04-22 14:15:07.420,Nuclei
CVE-2024-27497,0.0,0.00053,Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.,2024-03-01 15:15:08.580,Nuclei
CVE-2024-27564,0.0,0.00053,A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.,2024-03-05 17:15:06.997,Nuclei
CVE-2024-27718,0.0,0.00053,SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.,2024-03-05 00:15:52.507,Nuclei
CVE-2024-27954,9.3,0.00053,"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.",2024-05-17 09:15:26.810,Nuclei
CVE-2024-27956,9.9,0.0005,"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.

",2024-03-21 17:15:08.437,Nuclei
CVE-2024-28255,9.8,0.00087,"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.",2024-03-15 20:15:10.270,Nuclei
CVE-2024-28734,0.0,0.00065,Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.,2024-03-19 14:15:07.687,Nuclei
CVE-2024-28741,0.0,0.00163,Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.,2024-04-06 19:15:07.247,Metasploit
CVE-2024-2876,9.8,0.01153,"The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-05-02 17:15:20.463,Nuclei
CVE-2024-2879,7.5,0.00362,The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.,2024-04-03 04:15:11.960,Nuclei
CVE-2024-28995,7.5,0.34343,"











SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.    







",2024-06-06 09:15:14.167,Metasploit/Nuclei
CVE-2024-29059,7.5,0.00931,.NET Framework Information Disclosure Vulnerability,2024-03-23 00:15:09.150,Nuclei
CVE-2024-29269,0.0,0.00054,An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.,2024-04-10 20:15:07.440,Nuclei
CVE-2024-29745,5.5,0.00094,there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.,2024-04-05 20:15:08.253,CISA
CVE-2024-29748,7.8,0.00083,there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.,2024-04-05 20:15:08.407,CISA
CVE-2024-29824,0.0,0.0005,An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.,2024-05-31 18:15:11.177,Nuclei
CVE-2024-29973,9.8,0.93664,"** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.",2024-06-04 02:15:48.290,Nuclei
CVE-2024-29988,8.8,0.00363,SmartScreen Prompt Security Feature Bypass Vulnerability,2024-04-09 17:16:01.830,CISA
CVE-2024-30040,8.8,0.00752,Windows MSHTML Platform Security Feature Bypass Vulnerability,2024-05-14 17:17:12.410,CISA
CVE-2024-30051,7.8,0.00048,Windows DWM Core Library Elevation of Privilege Vulnerability,2024-05-14 17:17:21.763,CISA
CVE-2024-30850,0.0,0.00043,An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go,2024-04-12 06:15:06.943,Metasploit
CVE-2024-30851,0.0,0.00508,Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.,2024-05-03 17:15:07.630,Metasploit
CVE-2024-3097,5.3,0.08235,"The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.",2024-04-09 19:15:39.553,Nuclei
CVE-2024-3136,9.8,0.00065,"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",2024-04-09 19:15:39.720,Nuclei
CVE-2024-31621,0.0,0.00381,An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.,2024-04-29 17:15:19.057,Nuclei
CVE-2024-31750,0.0,0.00053,SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.,2024-04-19 00:15:10.690,Nuclei
CVE-2024-31819,0.0,0.00253,An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.,2024-04-10 20:15:08.027,Metasploit
CVE-2024-31839,0.0,0.00043,Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.,2024-04-12 14:15:07.947,Metasploit
CVE-2024-31848,9.8,0.00054,"A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.",2024-04-05 18:15:09.360,Nuclei
CVE-2024-31849,9.8,0.00053,"A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.",2024-04-05 18:15:09.563,Nuclei
CVE-2024-31850,8.6,0.00053,"A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.",2024-04-05 18:15:09.753,Nuclei
CVE-2024-31851,8.6,0.00054,"A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.",2024-04-05 18:15:09.953,Nuclei
CVE-2024-31982,10.0,0.00064,"XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.",2024-04-10 20:15:08.463,Nuclei
CVE-2024-32113,0.0,0.07801,"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the issue.

",2024-05-08 15:15:10.227,Metasploit/Nuclei
CVE-2024-32399,0.0,0.00053,Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.,2024-04-22 20:15:07.683,Nuclei
CVE-2024-32651,10.0,0.00066,"changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).",2024-04-26 00:15:08.550,Nuclei
CVE-2024-3272,9.8,0.04941,"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",2024-04-04 01:15:50.123,CISA
CVE-2024-3273,9.8,0.93467,"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",2024-04-04 01:15:50.387,CISA/Nuclei
CVE-2024-3274,5.3,0.0009,"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.",2024-04-04 02:15:07.627,Nuclei
CVE-2024-32896,7.8,0.00083,there is a possible way to bypass  due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.,2024-06-13 21:15:54.080,CISA
CVE-2024-33575,5.3,0.00053,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.

",2024-04-29 08:15:06.987,Nuclei
CVE-2024-3400,10.0,0.95703,"A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.",2024-04-12 08:15:06.230,EPSS/CISA/Metasploit/Nuclei
CVE-2024-34470,0.0,0.00054,"An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.",2024-05-06 15:15:24.520,Nuclei
CVE-2024-3495,9.8,0.01153,"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-05-22 09:15:12.073,Nuclei
CVE-2024-3552,0.0,0.00054,"The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.",2024-06-13 06:15:11.633,Nuclei
CVE-2024-36837,7.5,0.00492,SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.,2024-06-05 15:15:11.803,Nuclei
CVE-2024-37393,7.5,0.01321,"Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.",2024-06-10 20:15:15.293,Nuclei
CVE-2024-3822,0.0,0.00053,"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",2024-05-15 06:15:14.377,Nuclei
CVE-2024-4040,10.0,0.96607,"A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
",2024-04-22 20:15:07.803,EPSS/CISA/Metasploit/Nuclei
CVE-2024-4348,4.3,0.00065,"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262488. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",2024-04-30 22:15:07.870,Nuclei
CVE-2024-4358,9.8,0.93837,"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.",2024-05-29 15:16:06.477,CISA/Nuclei
CVE-2024-4577,9.8,0.96683,"In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use ""Best-Fit"" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",2024-06-09 20:15:09.550,EPSS/CISA/Metasploit/Nuclei
CVE-2024-4610,5.5,0.21262,"Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.",2024-06-07 12:15:09.077,CISA
CVE-2024-4671,9.6,0.00103,Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High),2024-05-14 15:44:15.573,CISA
CVE-2024-4761,8.8,0.00265,Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High),2024-05-14 16:17:35.810,CISA
CVE-2024-4947,8.8,0.00229,Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High),2024-05-15 21:15:09.273,CISA
CVE-2024-4956,7.5,0.01266,Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.,2024-05-16 16:15:10.887,Nuclei
CVE-2024-4978,8.4,0.02833,"Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.",2024-05-23 02:15:09.257,CISA
CVE-2024-5084,9.8,0.0353,"The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",2024-05-23 15:15:15.970,Metasploit
CVE-2024-5230,5.3,0.00065,A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.,2024-05-23 02:15:09.503,Nuclei
CVE-2024-5274,8.8,0.00299,Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High),2024-05-28 15:15:10.443,CISA