Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0675 | 1 Hibara | 1 Attachecase | 2018-11-20 | 6.8 MEDIUM | 7.8 HIGH |
| AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. | |||||
| CVE-2018-17126 | 1 Chshcms | 1 Cscms | 2018-11-19 | 7.5 HIGH | 9.8 CRITICAL |
| CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. | |||||
| CVE-2018-15886 | 1 Monstra | 1 Monstra | 2018-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring. | |||||
| CVE-2018-16604 | 1 Nibbleblog | 1 Nibbleblog | 2018-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}"). | |||||
| CVE-2018-16343 | 1 Seacms | 1 Seacms | 2018-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. | |||||
| CVE-2017-5543 | 1 Intelliants | 1 Subrion | 2018-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | |||||
| CVE-2018-17364 | 1 Otcms | 1 Otcms | 2018-11-08 | 6.8 MEDIUM | 8.1 HIGH |
| OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter. | |||||
| CVE-2018-3686 | 1 Intel | 1 Sa-00086 Detection Tool | 2018-11-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. | |||||
| CVE-2018-17030 | 1 Bigtreecms | 1 Bigtree Cms | 2018-11-07 | 6.0 MEDIUM | 7.5 HIGH |
| BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php. | |||||
| CVE-2012-1856 | 1 Microsoft | 7 Commerce Server, Host Integration Server, Office and 4 more | 2018-11-07 | 9.3 HIGH | N/A |
| The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability." | |||||
| CVE-2008-3441 | 1 Nullsoft | 1 Winamp | 2018-11-01 | 7.5 HIGH | N/A |
| Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2018-17131 | 1 Phpmywind | 1 Phpmywind | 2018-11-01 | 6.5 MEDIUM | 7.2 HIGH |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | |||||
| CVE-2018-17132 | 1 Phpmywind | 1 Phpmywind | 2018-11-01 | 6.5 MEDIUM | 7.2 HIGH |
| admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | |||||
| CVE-2018-17133 | 1 Phpmywind | 1 Phpmywind | 2018-11-01 | 6.5 MEDIUM | 7.2 HIGH |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | |||||
| CVE-2018-17134 | 1 Phpmywind | 1 Phpmywind | 2018-11-01 | 6.5 MEDIUM | 7.2 HIGH |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. | |||||
| CVE-2016-7787 | 2 Kde, Opensuse | 3 Kde-cli-tools, Leap, Opensuse | 2018-10-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | |||||
| CVE-2014-3429 | 3 Ipython, Mageia, Opensuse | 3 Ipython Notebook, Mageia, Opensuse | 2018-10-30 | 6.8 MEDIUM | N/A |
| IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. | |||||
| CVE-2013-2161 | 2 Openstack, Opensuse | 4 Folsom, Grizzly, Havana and 1 more | 2018-10-30 | 7.5 HIGH | N/A |
| XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. | |||||
| CVE-2012-4049 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2018-10-30 | 2.9 LOW | N/A |
| epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. | |||||
| CVE-2013-3384 | 1 Cisco | 4 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos and 1 more | 2018-10-30 | 9.0 HIGH | N/A |
| The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579. | |||||