Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14094 | 1 Trendmicro | 1 Smart Protection Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | |||||
| CVE-2015-1592 | 2 Debian, Sixapart | 2 Debian Linux, Movable Type | 2019-10-09 | 7.5 HIGH | N/A |
| Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-6971 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | |||||
| CVE-2017-8458 | 1 Brave | 1 Brave | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. | |||||
| CVE-2017-7459 | 1 Ntop | 1 Ntopng | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| ntopng before 3.0 allows HTTP Response Splitting. | |||||
| CVE-2018-20167 | 1 Enlightenment | 1 Terminology | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run. | |||||
| CVE-2017-7239 | 1 Ninka Project | 1 Ninka | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | |||||
| CVE-2017-6748 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2019-10-03 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234. | |||||
| CVE-2017-3547 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2019-10-03 | 7.1 HIGH | 7.4 HIGH |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). | |||||
| CVE-2018-4995 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass. | |||||
| CVE-2019-16532 | 1 Yzmcms | 1 Yzmcms | 2019-09-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections. | |||||
| CVE-2017-18634 | 1 Tagdiv | 1 Newspaper | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | |||||
| CVE-2019-5977 | 1 Cybozu | 1 Garoon | 2019-09-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'. | |||||
| CVE-2017-18604 | 1 Sitebuilder Dynamic Components Project | 1 Sitebuilder Dynamic Components | 2019-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | |||||
| CVE-2017-18605 | 1 Gravitatedesign | 1 Gravitate Qa Tracker | 2019-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | |||||
| CVE-2014-10394 | 1 Saschart | 1 Rich Counter | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. | |||||
| CVE-2014-10391 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. | |||||
| CVE-2017-18583 | 1 Post Pay Counter Project | 1 Post Pay Counter | 2019-08-26 | 7.5 HIGH | 9.8 CRITICAL |
| The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. | |||||
| CVE-2019-5404 | 1 Hp | 1 3par Storeserv Management Console | 2019-08-16 | 8.7 HIGH | 8.8 HIGH |
| A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||||
| CVE-2016-10801 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | |||||