Show filters
200 Total Results
Displaying 111-120 of 200
Sort by:
Attacker Value
Unknown

CVE-2019-19826

Disclosure Date: December 16, 2019 (last updated November 27, 2024)
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-0134

Disclosure Date: December 16, 2019 (last updated November 27, 2024)
Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17503

Disclosure Date: October 11, 2019 (last updated November 27, 2024)
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17504

Disclosure Date: October 11, 2019 (last updated November 27, 2024)
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-0381

Disclosure Date: October 08, 2019 (last updated November 27, 2024)
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-9437

Disclosure Date: September 26, 2019 (last updated November 28, 2024)
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2015-9436

Disclosure Date: September 26, 2019 (last updated November 28, 2024)
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-18604

Disclosure Date: September 10, 2019 (last updated November 27, 2024)
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-1796

Disclosure Date: August 20, 2019 (last updated November 27, 2024)
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-1636

Disclosure Date: August 20, 2019 (last updated November 27, 2024)
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
Attack Vector: LocalPrivileges: HighUser Interaction: None
0
0
View More Topics  < Previous  Next >