Total
3865 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22169 | 1 Westerndigital | 1 Wd Discovery | 2024-08-05 | N/A |
| WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device. | ||||
| CVE-2017-11715 | 1 Metinfo Project | 1 Metinfo | 2024-08-05 | N/A |
| job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | ||||
| CVE-2017-11675 | 1 Zen-cart | 1 Zen Cart | 2024-08-05 | N/A |
| The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | ||||
| CVE-2017-11585 | 1 Finecms | 1 Finecms | 2024-08-05 | N/A |
| dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | ||||
| CVE-2017-11459 | 1 Sap | 1 Trex | 2024-08-05 | N/A |
| SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | ||||
| CVE-2017-11421 | 1 Gnome-exe-thumbnailer Project | 1 Gnome-exe-thumbnailer | 2024-08-05 | N/A |
| gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. | ||||
| CVE-2017-11167 | 1 Finecms Project | 1 Finecms | 2024-08-05 | N/A |
| FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | ||||
| CVE-2017-10968 | 1 Finecms Project | 1 Finecms | 2024-08-05 | N/A |
| In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | ||||
| CVE-2017-10844 | 1 Basercms | 1 Basercms | 2024-08-05 | N/A |
| baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | ||||
| CVE-2017-10835 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2024-08-05 | N/A |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | ||||
| CVE-2024-27627 | 2024-08-05 | 6.1 Medium | ||
| A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page. | ||||
| CVE-2017-9841 | 2 Oracle, Phpunit Project | 2 Communications Diameter Signaling Router, Phpunit | 2024-08-05 | 9.8 Critical |
| Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | ||||
| CVE-2017-9807 | 1 Openwebif Project | 1 Openwebif | 2024-08-05 | N/A |
| An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig. | ||||
| CVE-2017-9771 | 1 Websitebaker | 1 Websitebaker | 2024-08-05 | N/A |
| install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. | ||||
| CVE-2017-9774 | 1 Horde | 1 Horde Image Api | 2024-08-05 | N/A |
| Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | ||||
| CVE-2017-8912 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-08-05 | 7.2 High |
| CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug. | ||||
| CVE-2017-8402 | 1 Pivotx | 1 Pivotx | 2024-08-05 | N/A |
| PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | ||||
| CVE-2017-7911 | 1 Cybervision | 1 Kaa Iot Platform | 2024-08-05 | N/A |
| A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | ||||
| CVE-2017-7798 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-08-05 | N/A |
| The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | ||||
| CVE-2017-7694 | 1 Getsymphony | 1 Symphony | 2024-08-05 | N/A |
| Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor. | ||||