Topics

Sort by:
Attacker Value
Very High
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues .
4
Attacker Value
Very High

CVE-2020-1350 Windows DNS Server Remote Code Execution (SigRed)

Disclosure Date: July 14, 2020 (last updated July 27, 2020)
A remote code execution vulnerability codenamed "SigRed" exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
Attacker Value
Unknown

Symantec Web Gateway upload_file Remote Code Execution Vulnerability

Disclosure Date: May 21, 2012 (last updated February 13, 2020)
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
0
Attacker Value
Unknown

HP iMC 5.0 TFTP WRQ "Remote Code Execution" Vulnerability

Disclosure Date: May 13, 2011 (last updated February 13, 2020)
HP Intelligent Management Center contains a flaw related to thetftpserver.exe component allowing the creation or upload of arbitrary files when handling Write Request packets. This may allow a remote attacker to upload arbitrary files which will allow for the execution of arbitrary code as the SYSTEM user.
0
Attacker Value
High

Confluence Unauthorized RCE Vulnerability

Disclosure Date: March 25, 2019 (last updated March 03, 2020)
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
0
Attacker Value
Unknown

Shunra Network Virtualization for Hewlett-Packard toServerObject() Remote Code …

Disclosure Date: July 26, 2014 (last updated February 13, 2020)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Visualization. Authentication is not required to exploit this vulnerability.
0
Attacker Value
Unknown
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
0
Attacker Value
Unknown

CVE-2012-0297 Symantec Web Gateway Vulnerability

Disclosure Date: May 21, 2012 (last updated February 13, 2020)
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
0
Attacker Value
Very High

CVE-2020-15505

Disclosure Date: July 07, 2020 (last updated September 18, 2020)
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
Attacker Value
Very High

CVE-2020-5902 — TMUI RCE vulnerability

Disclosure Date: July 01, 2020 (last updated August 04, 2020)
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.