Show filters
555 topics marked with the following tags:
Displaying 171-180 of 555
Sort by:
Attacker Value
High

CVE-2020-9757

Disclosure Date: March 04, 2020 (last updated November 27, 2024)
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Attacker Value
Very Low

CVE-2020-9490

Disclosure Date: August 07, 2020 (last updated November 08, 2023)
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Attacker Value
High

CVE-2019-19452

Disclosure Date: February 21, 2020 (last updated November 27, 2024)
A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges.
Attacker Value
Very High

CVE-2016-4437

Disclosure Date: June 07, 2016 (last updated July 25, 2024)
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Attacker Value
Unknown

CVE-2020-12116

Disclosure Date: May 07, 2020 (last updated November 27, 2024)
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
Attacker Value
Very High

CVE-2020-28188

Disclosure Date: December 24, 2020 (last updated November 28, 2024)
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
Attacker Value
High

CVE-2020-17496

Disclosure Date: August 12, 2020 (last updated November 28, 2024)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Attacker Value
Very High

CVE-2018-16763

Disclosure Date: September 09, 2018 (last updated November 27, 2024)
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Attacker Value
High

CVE-2020-10915 Preauth RCE in VEEAM One Agent

Disclosure Date: April 22, 2020 (last updated November 27, 2024)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.
Attacker Value
High

CVE-2020-2883

Disclosure Date: April 15, 2020 (last updated November 27, 2024)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).