Attacker Value: Very Low

CVE-2020-11530

Disclosure Date: May 08, 2020 (last updated October 06, 2023)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
Attacker Value: Very Low

CVE-2020-14932

Disclosure Date: June 20, 2020 (last updated October 06, 2023)
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Attacker Value: Very High

CVE-2021-37928

Disclosure Date: October 07, 2021 (last updated October 07, 2023)
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload, which leads to remote code execution.
Attacker Value: Moderate

CVE-2019-1436

Disclosure Date: November 12, 2019 (last updated October 06, 2023)
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440.
Attacker Value: Very High

CVE-2017-15889

Disclosure Date: December 04, 2017 (last updated October 05, 2023)
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via the disk field.
Attacker Value: High

CVE-2021-25646

Disclosure Date: January 29, 2021 (last updated November 08, 2023)
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Attacker Value: Low

CVE-2023-41474

Disclosure Date: January 25, 2024 (last updated February 01, 2024)
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
Attacker Value: High

CVE-2023-1133

Disclosure Date: March 27, 2023 (last updated October 08, 2023)
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. The service accepts unverified UDP packets and deserializes their content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
Attacker Value: High

CVE-2024-20656

Disclosure Date: January 09, 2024 (last updated January 18, 2024)
Visual Studio Elevation of Privilege Vulnerability
Attacker Value: High

CVE-2020-10225

Disclosure Date: March 08, 2020 (last updated November 14, 2023)
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.