The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
Max CVSS: 7.5
EPSS Score: 8.50%
Published: 2019-11-02
Updated: 2019-11-04
An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path.
Max CVSS: 7.8
EPSS Score: 0.04%
Published: 2019-11-22
Updated: 2019-12-04
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal IP addresses.
Max CVSS: 5.3
EPSS Score: 0.13%
Published: 2019-11-13
Updated: 2021-07-21
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.
Max CVSS: 7.3
EPSS Score: 0.04%
Published: 2019-11-19
Updated: 2019-11-21
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine.
Max CVSS: 7.3
EPSS Score: 0.04%
Published: 2019-11-19
Updated: 2019-11-21
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies a product design update.
Max CVSS: 8.8
EPSS Score: 0.25%
Published: 2019-11-06
Updated: 2020-08-24
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
Max CVSS: 7.8
EPSS Score: 0.06%
Published: 2019-11-20
Updated: 2019-11-22
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
Max CVSS: 7.2
EPSS Score: 0.04%
Published: 2019-11-13
Updated: 2020-08-24
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
Max CVSS: 7.5
EPSS Score: 0.35%
Published: 2019-11-01
Updated: 2019-11-04
A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via a specially crafted request.
Max CVSS: 7.5
EPSS Score: 0.23%
Published: 2019-11-26
Updated: 2020-08-18
10 vulnerabilities found