Total
1786 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8901 | 1 B2evolution | 1 B2evolution | 2019-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php. | |||||
| CVE-2016-8899 | 1 Exponentcms | 1 Exponent Cms | 2019-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. | |||||
| CVE-2017-1000493 | 1 Rocket.chat | 1 Rocket.chat | 2019-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | |||||
| CVE-2017-17511 | 2 Debian, Kildclient | 2 Debian Linux, Kildclient | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. | |||||
| CVE-2015-5462 | 1 Axiomsl | 1 Axiom | 2019-04-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features. | |||||
| CVE-2018-4153 | 1 Apple | 1 Mac Os X | 2019-04-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-1000130 | 1 Jolokia | 1 Webarchive Agent | 2019-03-08 | 6.8 MEDIUM | 8.1 HIGH |
| A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | |||||
| CVE-2018-16627 | 1 Getkirby | 1 Kirby | 2019-02-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | |||||
| CVE-2019-8948 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2019-02-21 | 7.5 HIGH | 9.8 CRITICAL |
| PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. | |||||
| CVE-2019-7351 | 1 Zoneminder | 1 Zoneminder | 2019-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value. | |||||
| CVE-2018-1000854 | 1 Esigate | 1 Esigate | 2019-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear to be exploitable via Use of another weakness in backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3. | |||||
| CVE-2018-18207 | 1 Virtualmin | 1 Virtualmin | 2018-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. | |||||
| CVE-2015-2180 | 1 Roundcube | 1 Webmail | 2018-10-30 | 9.0 HIGH | 8.8 HIGH |
| The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | |||||
| CVE-2016-5701 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. | |||||
| CVE-2015-1762 | 1 Microsoft | 1 Sql Server | 2018-10-12 | 7.1 HIGH | N/A |
| Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." | |||||
| CVE-2016-9832 | 1 Pwc | 1 Ace-advanced Business Application Programming | 2018-10-09 | 6.5 MEDIUM | 9.9 CRITICAL |
| PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report. | |||||
| CVE-2014-7952 | 1 Google | 1 Android | 2018-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | |||||
| CVE-2018-6519 | 2 Debian, Simplesamlphp | 2 Debian Linux, Saml2 | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | |||||
| CVE-2017-7788 | 1 Mozilla | 1 Firefox | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. | |||||
| CVE-2017-7848 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2018-08-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | |||||