Show filters
555 topics marked with the following tags:
Displaying 171-180 of 555
Sort by:
Attacker Value
High
CVE-2020-9757
Disclosure Date: March 04, 2020 (last updated November 27, 2024)
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
1
Attacker Value
Very Low
CVE-2020-9490
Disclosure Date: August 07, 2020 (last updated November 08, 2023)
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
1
Attacker Value
High
CVE-2019-19452
Disclosure Date: February 21, 2020 (last updated November 27, 2024)
A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges.
0
Attacker Value
Very High
CVE-2016-4437
Disclosure Date: June 07, 2016 (last updated July 25, 2024)
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
3
Attacker Value
Unknown
CVE-2020-12116
Disclosure Date: May 07, 2020 (last updated November 27, 2024)
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
3
Attacker Value
Very High
CVE-2020-28188
Disclosure Date: December 24, 2020 (last updated November 28, 2024)
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
4
Attacker Value
High
CVE-2020-17496
Disclosure Date: August 12, 2020 (last updated November 28, 2024)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
1
Attacker Value
Very High
CVE-2018-16763
Disclosure Date: September 09, 2018 (last updated November 27, 2024)
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
1
Attacker Value
High
CVE-2020-10915 Preauth RCE in VEEAM One Agent
Disclosure Date: April 22, 2020 (last updated November 27, 2024)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.
0
Attacker Value
High
CVE-2020-2883
Disclosure Date: April 15, 2020 (last updated November 27, 2024)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
4