Total
3411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3545 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.0 MEDIUM | N/A |
| Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. | |||||
| CVE-2014-3541 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.5 HIGH | N/A |
| The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on. | |||||
| CVE-2013-5674 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.5 HIGH | N/A |
| badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter. | |||||
| CVE-2011-4203 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | |||||
| CVE-2014-9521 | 1 Infinitewp | 1 Infinitewp | 2020-11-30 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename. | |||||
| CVE-2008-0075 | 1 Microsoft | 1 Internet Information Server | 2020-11-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | |||||
| CVE-2013-2617 | 1 Curl Project | 1 Curl | 2020-11-16 | 7.5 HIGH | N/A |
| lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2017-16783 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | |||||
| CVE-2020-8349 | 1 Lenovo | 10 Cloud Networking Operating System, Rackswitch G8272, Rackswitch G8296 and 7 more | 2020-10-29 | 6.8 MEDIUM | 9.8 CRITICAL |
| An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL. | |||||
| CVE-2014-5194 | 1 Sphider | 1 Sphider | 2020-10-27 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | |||||
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2020-10-22 | 5.8 MEDIUM | 8.1 HIGH |
| When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL. | |||||
| CVE-2020-7745 | 1 Mintegral | 1 Mintegraladsdk | 2020-10-21 | 10.0 HIGH | 7.1 HIGH |
| This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device. | |||||
| CVE-2020-7013 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2020-10-19 | 6.5 MEDIUM | 7.2 HIGH |
| Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. | |||||
| CVE-2019-20920 | 1 Handlebarsjs | 1 Handlebars | 2020-10-15 | 6.8 MEDIUM | 8.1 HIGH |
| Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS). | |||||
| CVE-2020-24628 | 1 Hpe | 2 Kvm Ip Console Switch G2, Kvm Ip Console Switch G2 Firmware | 2020-10-14 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. | |||||
| CVE-2020-18185 | 1 Pluxml | 1 Pluxml | 2020-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. | |||||
| CVE-2019-16774 | 1 Phpfastcache | 1 Phpfastcache | 2020-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver. | |||||
| CVE-2019-7177 | 1 Pexip | 1 Pexip Infinity | 2020-10-02 | 9.0 HIGH | 7.2 HIGH |
| Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | |||||
| CVE-2018-8540 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2020-09-28 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. | |||||
| CVE-2013-2115 | 1 Apache | 1 Struts | 2020-09-24 | 9.3 HIGH | 8.1 HIGH |
| Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. | |||||