Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in denial of service or information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via passage of unfiltered user input to the function. This vulnerability appears to have been fixed after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
Max CVSS
9.8
EPSS Score
0.96%
Published
2018-09-18
Updated
2023-03-09
zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put() and sys_ring_buf_get() that can result in a CPU Page Fault (error code 0x00000010). This attack appears to be exploitable via a malicious application calling the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put()).
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-09-06
Updated
2020-05-13
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the notifySpaceModification method, where improper validation of parameters results in command execution. This attack appears to be exploitable via network connectivity and requires minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed after commit 15443122ed2b1cbfd7bdefc048bf106f075becdb.
Max CVSS
10.0
EPSS Score
0.94%
Published
2018-09-06
Updated
2019-03-07
An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.
Max CVSS
9.8
EPSS Score
0.17%
Published
2018-09-30
Updated
2018-11-21
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
Max CVSS
9.8
EPSS Score
0.22%
Published
2018-09-28
Updated
2019-10-03
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-09-28
Updated
2018-11-21
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
Max CVSS
9.8
EPSS Score
2.76%
Published
2018-09-28
Updated
2018-11-23
utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
Max CVSS
9.8
EPSS Score
0.14%
Published
2018-09-26
Updated
2018-11-26
network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
Max CVSS
9.8
EPSS Score
0.14%
Published
2018-09-26
Updated
2018-11-26
utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption.
Max CVSS
9.8
EPSS Score
0.13%
Published
2018-09-26
Updated
2018-11-20
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request.
Max CVSS
9.8
EPSS Score
0.17%
Published
2018-09-26
Updated
2018-11-20
Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability.
Max CVSS
9.8
EPSS Score
2.93%
Published
2018-09-26
Updated
2024-03-21
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
Max CVSS
10.0
EPSS Score
0.66%
Published
2018-09-26
Updated
2018-12-17
Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.
Max CVSS
9.8
EPSS Score
0.13%
Published
2018-09-26
Updated
2020-04-14
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-09-28
Updated
2018-11-14
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-09-28
Updated
2018-11-14
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
Max CVSS
9.8
EPSS Score
0.27%
Published
2018-09-28
Updated
2018-11-14
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-09-28
Updated
2018-11-14
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-09-28
Updated
2018-11-14
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-09-28
Updated
2018-11-15
226 vulnerabilities found