| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-7653 |
1 Rdflib Project |
1 Rdflib |
2019-02-21 |
7.5 |
| The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This... |
| CVE-2018-3700 |
|
|
2019-02-20 |
4.6 |
| Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access. |
| CVE-2019-8908 |
1 Wtcms Project |
1 Wtcms |
2019-02-19 |
7.5 |
| An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php... |
| CVE-2019-8341 |
1 Pocoo |
1 Jinja2 |
2019-02-16 |
7.5 |
| An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with... |
| CVE-2019-6289 |
1 Dedecms |
1 Dedecms |
2019-02-13 |
6.5 |
| uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by... |
| CVE-2019-7720 |
1 Taogogo |
1 Taocms |
2019-02-13 |
7.5 |
| taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. |
| CVE-2018-20768 |
|
|
2019-02-13 |
7.5 |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a... |
| CVE-2018-0461 |
1 Cisco |
1 Ip Phone 8800 Series Firmware |
2019-02-12 |
6.8 |
| A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected... |
| CVE-2019-7731 |
1 Mywebsql |
1 Mywebsql |
2019-02-12 |
7.5 |
| MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. |
| CVE-2019-7719 |
1 Nibbleblog |
1 Nibbleblog |
2019-02-11 |
7.5 |
| Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. |
| CVE-2018-20775 |
1 Frog Cms Project |
1 Frog Cms |
2019-02-11 |
6.5 |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. |
| CVE-2018-20773 |
1 Frog Cms Project |
1 Frog Cms |
2019-02-11 |
6.5 |
| Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. |
| CVE-2018-20772 |
1 Frog Cms Project |
1 Frog Cms |
2019-02-11 |
6.5 |
| Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. |
| CVE-2019-7580 |
1 Thinkcmf |
1 Thinkcmf |
2019-02-08 |
6.5 |
| ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection. |
| CVE-2017-18356 |
|
|
2019-02-07 |
6.5 |
| In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted... |
| CVE-2018-19002 |
|
|
2019-02-06 |
8.3 |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. |
| CVE-2018-20129 |
1 Dedecms |
1 Dedecms |
2019-02-05 |
6.5 |
| An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg... |
| CVE-2018-20300 |
1 Phome |
1 Empirecms |
2019-02-05 |
7.5 |
| Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. |
| CVE-2018-19127 |
1 Phpcms |
1 Phpcms |
2019-02-04 |
7.5 |
| A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and... |
| CVE-2018-19520 |
2 Php, Sdcms |
2 Php, Sdcms |
2019-02-04 |
6.5 |
| An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to... |
