Show filters
688 topics marked with the following tags:
Displaying 1-10 of 688
Sort by:
Attacker Value
Moderate
CVE-2024-27199
Disclosure Date: March 04, 2024 (last updated March 05, 2024)
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
3
Attacker Value
Very High
CVE-2021-28544
Disclosure Date: April 12, 2022 (last updated October 07, 2023)
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
2
Attacker Value
High
CVE-2019-1068
Disclosure Date: July 15, 2019 (last updated October 06, 2023)
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
1
Attacker Value
Very High
CVE-2020-9463
Disclosure Date: February 28, 2020 (last updated October 06, 2023)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
0
Attacker Value
Low
CVE-2022-0739
Disclosure Date: March 21, 2022 (last updated October 07, 2023)
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
1
Attacker Value
Moderate
CVE-2020-12004
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
1
Attacker Value
High
CVE-2024-2044
Disclosure Date: March 07, 2024 (last updated March 14, 2024)
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
2
Attacker Value
High
CVE-2021-26897
Disclosure Date: March 11, 2021 (last updated December 30, 2023)
Windows DNS Server Remote Code Execution Vulnerability
5
Attacker Value
Moderate
CVE-2019-20361
Disclosure Date: January 08, 2020 (last updated October 06, 2023)
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
1
Attacker Value
Moderate
CVE-2020-3158
Disclosure Date: February 20, 2020 (last updated October 06, 2023)
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.
0