| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-19595 |
1 Pbootcms |
1 Pbootcms |
2019-04-17 |
7.5 |
| PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect... |
| CVE-2017-16871 |
1 Updraftplus |
1 Updraftplus |
2019-04-16 |
6.8 |
| ** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the... |
| CVE-2019-6713 |
1 Thinkcmf |
1 Thinkcmf |
2019-04-12 |
7.5 |
| app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a... |
| CVE-2019-10125 |
1 Linux |
1 Linux Kernel |
2019-04-11 |
10.0 |
| An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(),... |
| CVE-2019-10124 |
1 Linux |
1 Linux Kernel |
2019-04-11 |
7.8 |
| An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG). |
| CVE-2019-10842 |
1 Getbootstrap |
1 Bootstrap-sass |
2019-04-11 |
10.0 |
| Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which... |
| CVE-2019-10633 |
1 Zyxel |
1 Nas326 Firmware |
2019-04-10 |
6.5 |
| An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. |
| CVE-2019-10905 |
|
|
2019-04-10 |
6.8 |
| Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class.... |
| CVE-2019-10867 |
1 Pimcore |
1 Pimcore |
2019-04-08 |
6.5 |
| An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data... |
| CVE-2019-7539 |
1 Ipycache Project |
1 Ipycache |
2019-03-25 |
6.8 |
| A code injection issue was discovered in ipycache through 2016-05-31. |
| CVE-2019-9752 |
1 Otrs |
1 Otrs |
2019-03-21 |
6.5 |
| An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause... |
| CVE-2019-7653 |
1 Rdflib Project |
1 Rdflib |
2019-03-21 |
7.5 |
| The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This... |
| CVE-2014-0111 |
1 Apache |
1 Syncope |
2019-03-21 |
6.5 |
| Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links... |
| CVE-2019-8942 |
2 Wordpress, Debian |
2 Wordpress, Debian Linux |
2019-03-20 |
6.5 |
| WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can... |
| CVE-2003-0498 |
1 Intersystems |
1 Cache Database |
2019-03-18 |
7.2 |
| Cach? Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. |
| CVE-2018-10517 |
1 Cmsmadesimple |
1 Cms Made Simple |
2019-03-15 |
6.5 |
| In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. |
| CVE-2019-9829 |
1 Maccms |
1 Maccms |
2019-03-15 |
6.5 |
| Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition... |
| CVE-2018-1260 |
2 Pivotal, Pivotal Software |
2 Spring Security Oauth, Spring Security Oauth |
2019-03-13 |
7.5 |
| Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization... |
| CVE-2018-5158 |
4 Mozilla, Debian, Redhat and 1 more |
11 Firefox, Firefox Esr, Debian Linux and 8 more |
2019-03-13 |
6.8 |
| The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This... |
| CVE-2017-10844 |
1 Basercms |
1 Basercms |
2019-03-12 |
6.5 |
| baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. |
