| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-18835 |
1 Doccms |
1 Doccms |
2018-12-06 |
7.5 |
| upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file. |
| CVE-2018-11781 |
4 Apache, Canonical, Debian and 1 more |
7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more |
2018-12-06 |
4.6 |
| Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. |
| CVE-2018-11780 |
4 Apache, Pdfinfo Project, Canonical and 1 more |
4 Spamassassin, Pdfinfo, Ubuntu Linux and 1 more |
2018-12-06 |
7.5 |
| A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. |
| CVE-2018-14630 |
1 Moodle |
1 Moodle |
2018-12-04 |
6.5 |
| moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject... |
| CVE-2018-18892 |
1 1234n |
1 Minicms |
2018-12-03 |
7.5 |
| MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. |
| CVE-2018-18426 |
1 S-cms |
1 S-cms |
2018-12-03 |
9.0 |
| s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. |
| CVE-2018-18461 |
1 Kibokolabs |
1 Arigato Autoresponder And Newsletter |
2018-11-30 |
7.5 |
| The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. |
| CVE-2018-18258 |
1 Bagesoft |
1 Bagecms |
2018-11-29 |
7.5 |
| An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI. |
| CVE-2018-18083 |
1 Comsenz |
1 Duomicms |
2018-11-29 |
7.5 |
| An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing. |
| CVE-2018-14804 |
1 Emerson |
1 Ams Device Manager |
2018-11-28 |
7.5 |
| Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. |
| CVE-2015-9272 |
1 Videowhisper |
1 Video Presentation |
2018-11-23 |
7.5 |
| The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file... |
| CVE-2013-2134 |
1 Apache |
1 Struts |
2018-11-23 |
9.3 |
| Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. |
| CVE-2013-2135 |
1 Apache |
1 Struts |
2018-11-23 |
9.3 |
| Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. |
| CVE-2013-1966 |
1 Apache |
1 Struts |
2018-11-23 |
9.3 |
| Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. |
| CVE-2013-1965 |
1 Apache |
2 Struts2-showcase, Struts |
2018-11-23 |
9.3 |
| Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. |
| CVE-2018-0674 |
1 Hibara |
1 Attachecase |
2018-11-20 |
6.8 |
| AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. |
| CVE-2018-0675 |
1 Hibara |
1 Attachecase |
2018-11-20 |
6.8 |
| AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. |
| CVE-2018-17126 |
1 Chshcms |
1 Cscms |
2018-11-19 |
7.5 |
| CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php. |
| CVE-2018-15886 |
1 Monstra |
1 Monstra |
2018-11-14 |
6.5 |
| Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code... |
| CVE-2018-17173 |
1 Lg |
1 Supersign Cms |
2018-11-14 |
7.5 |
| LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. |
