Show filters
534 topics marked with the following tags:
Displaying 11-20 of 534
Sort by:
Attacker Value
Very Low
CVE-2019-9848
Disclosure Date: July 17, 2019 (last updated November 08, 2023)
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
0
Attacker Value
High
CVE-2024-31819
Disclosure Date: April 10, 2024 (last updated April 11, 2024)
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.
1
Attacker Value
Very Low
CVE-2020-9266
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
0
Attacker Value
Unknown
CVE-2021-41349
Disclosure Date: November 10, 2021 (last updated January 18, 2024)
Microsoft Exchange Server Spoofing Vulnerability
1
Attacker Value
High
CVE-2020-7373
Disclosure Date: October 30, 2020 (last updated October 07, 2023)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
1
Attacker Value
High
CVE-2024-2044
Disclosure Date: March 07, 2024 (last updated March 14, 2024)
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
2
Attacker Value
Very High
CVE-2020-8010 Nimbus protocol allows unauth read/write/execute
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
1
Attacker Value
Very High
CVE-2020-9338
Disclosure Date: February 22, 2020 (last updated October 06, 2023)
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
0
Attacker Value
Very High
CVE-2020-26352
Disclosure Date: December 02, 2022 (last updated November 08, 2023)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
1
Attacker Value
High
CVE-2023-38490
Disclosure Date: July 27, 2023 (last updated October 08, 2023)
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The Kirby core does not use any of the affected methods.
XML External Entities (XXE) is a little used feature in the XML markup language that allows to include data from external files in an XML structure. If the name of the external file can be controlled by an attacker, this becomes a vulnerability that can be abused for various system impacts like the disclosure of internal or confidential data that is stored on the server (arbitrary file disclosure) or to perform network requests on behalf of the server (server-side request forgery, SSRF).
Kirby's `Xml::parse()` method used PHP's `LIBXML_NOENT` constant, which enabled the processing of XML external entities during the parsing operation. The `Xml::parse()` method is…
2