Total
1094 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6971 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2024-08-05 | N/A |
| AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | ||||
| CVE-2017-6748 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2024-08-05 | N/A |
| A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234. | ||||
| CVE-2017-6031 | 1 Certec Edv Gmbh | 1 Atvise Scada | 2024-08-05 | N/A |
| A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. | ||||
| CVE-2017-5636 | 1 Apache | 1 Nifi | 2024-08-05 | N/A |
| In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node. | ||||
| CVE-2017-5630 | 1 Php | 1 Pear | 2024-08-05 | 7.5 High |
| PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. | ||||
| CVE-2017-5585 | 1 Opentext | 1 Documentum Content Server | 2024-08-05 | N/A |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520. | ||||
| CVE-2017-5246 | 1 Biscom | 1 Secure File Transfer | 2024-08-05 | N/A |
| Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028. | ||||
| CVE-2017-2140 | 1 Gaku | 1 Tablacus Explorer | 2024-08-05 | N/A |
| Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | ||||
| CVE-2017-0154 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2016 | 2024-08-05 | N/A |
| Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2018-1000193 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-08-05 | 4.3 Medium |
| A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI. | ||||
| CVE-2018-1000130 | 2 Jolokia, Redhat | 2 Webarchive Agent, Jboss Fuse | 2024-08-05 | N/A |
| A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | ||||
| CVE-2018-21268 | 1 Traceroute Project | 1 Traceroute | 2024-08-05 | 10 Critical |
| The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character. | ||||
| CVE-2018-21258 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. | ||||
| CVE-2018-21227 | 1 Netgear | 24 D7800, D7800 Firmware, R6400 and 21 more | 2024-08-05 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-25016 | 1 Greenbone | 2 Greenbone Os, Greenbone Security Assistant | 2024-08-05 | 9.8 Critical |
| Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. | ||||
| CVE-2018-21228 | 1 Netgear | 26 D7800, D7800 Firmware, Ex6100 and 23 more | 2024-08-05 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, EX6100v2 before 1.0.1.50, EX6150v2 before 1.0.1.50, EX6200v2 before 1.0.1.44, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.2.30, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-21208 | 1 Netgear | 10 D6100, D6100 Firmware, R6100 and 7 more | 2024-08-05 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-21146 | 1 Netgear | 12 D7800, D7800 Firmware, R7800 and 9 more | 2024-08-05 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. | ||||
| CVE-2018-21114 | 1 Netgear | 26 D7800, D7800 Firmware, Ex6100 and 23 more | 2024-08-05 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-21123 | 1 Netgear | 6 Wc7500, Wc7500 Firmware, Wc7520 and 3 more | 2024-08-05 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9. | ||||