Total: 3865 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-20099 | 1 Analytics Stats Counter Statistics Project | 1 Analytics Stats Counter Statistics | 2024-08-05 | 7.3 High |
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. | ||||
CVE-2017-20095 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2024-08-05 | 6.3 Medium |
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | ||||
CVE-2017-20086 | 1 Automattic | 1 Vaultpress | 2024-08-05 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely. | ||||
CVE-2017-20064 | 1 Elefantcms | 1 Elefant Cms | 2024-08-05 | 6.3 Medium |
A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | ||||
CVE-2017-16871 | 1 Updraftplus | 1 Updraftplus | 2024-08-05 | N/A |
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary. | ||||
CVE-2017-17649 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2024-08-05 | N/A |
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | ||||
CVE-2017-17098 | 1 Gps-server | 1 Gps Tracking Software | 2024-08-05 | N/A |
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request. | ||||
CVE-2017-16905 | 2 Duolingo, Google | 2 Tinycards, Android | 2024-08-05 | N/A |
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | ||||
CVE-2017-16783 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-08-05 | 9.8 Critical |
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | ||||
CVE-2017-16664 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-08-05 | N/A |
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. | ||||
CVE-2017-16670 | 1 Smartbear | 1 Soapui | 2024-08-05 | N/A |
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | ||||
CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2024-08-05 | 8.8 High |
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | ||||
CVE-2017-15935 | 1 Artica | 1 Pandora Fms | 2024-08-05 | N/A |
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | ||||
CVE-2017-15806 | 1 Zetacomponents | 1 Mail | 2024-08-05 | N/A |
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | ||||
CVE-2017-14853 | 1 Orpak | 1 Siteomat | 2024-08-05 | N/A |
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device. | ||||
CVE-2017-14764 | 1 Genixcms | 1 Genixcms | 2024-08-05 | N/A |
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | ||||
CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2024-08-05 | N/A |
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | ||||
CVE-2017-14198 | 1 Squiz | 1 Matrix | 2024-08-05 | N/A |
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. | ||||
CVE-2017-14077 | 1 Phpcaptcha | 1 Securimage | 2024-08-05 | N/A |
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | ||||