MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have access to admin panel. This vulnerability appears to have been fixed in 1.8.15.
Max CVSS
7.2
EPSS Score
0.22%
Published
2018-06-26
Updated
2019-10-03
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.
Max CVSS
7.8
EPSS Score
0.07%
Published
2018-06-22
Updated
2018-08-13
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.
Max CVSS
8.8
EPSS Score
0.20%
Published
2018-06-26
Updated
2018-08-20
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
Max CVSS
7.8
EPSS Score
0.12%
Published
2018-06-28
Updated
2018-08-20
A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.
Max CVSS
9.8
EPSS Score
0.29%
Published
2018-06-08
Updated
2018-07-23
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-06-07
Updated
2018-07-27
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
Max CVSS
9.3
EPSS Score
0.18%
Published
2018-06-01
Updated
2018-07-03
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.
Max CVSS
7.5
EPSS Score
0.31%
Published
2018-06-16
Updated
2018-08-14
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
Max CVSS
7.5
EPSS Score
0.26%
Published
2018-06-25
Updated
2022-06-23
An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.
Max CVSS
9.3
EPSS Score
0.06%
Published
2018-06-05
Updated
2018-08-01
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
Max CVSS
7.8
EPSS Score
0.06%
Published
2018-06-11
Updated
2018-08-02
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.
Max CVSS
8.8
EPSS Score
0.10%
Published
2018-06-11
Updated
2022-01-24
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.
Max CVSS
7.2
EPSS Score
0.39%
Published
2018-06-26
Updated
2019-10-03
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
0.07%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
9.3
EPSS Score
0.07%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
0.07%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
9.3
EPSS Score
2.28%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
9.3
EPSS Score
23.86%
Published
2018-06-26
Updated
2023-05-18
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
9.01%
Published
2018-06-26
Updated
2018-11-23
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
9.01%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
9.01%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
9.01%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
9.01%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
7.8
EPSS Score
9.01%
Published
2018-06-26
Updated
2018-08-17
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Max CVSS
9.3
EPSS Score
0.13%
Published
2018-06-26
Updated
2018-08-30
27 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!