Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.
Max CVSS
9.8
EPSS Score
0.79%
Published
2018-07-23
Updated
2019-09-17
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio.
Max CVSS
8.5
EPSS Score
0.22%
Published
2018-07-23
Updated
2018-09-20
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.
Max CVSS
8.8
EPSS Score
1.79%
Published
2018-07-23
Updated
2019-05-23
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path is accessible. This vulnerability appears to have been fixed in Build 437.
Max CVSS
8.1
EPSS Score
0.26%
Published
2018-07-23
Updated
2020-08-03

CVE-2018-1000888

Public exploit
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
Max CVSS
8.8
EPSS Score
0.51%
Published
2018-12-28
Updated
2020-06-15
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4.
Max CVSS
5.4
EPSS Score
0.05%
Published
2018-12-20
Updated
2019-01-08
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM
Max CVSS
8.8
EPSS Score
0.32%
Published
2018-12-10
Updated
2019-10-03
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.
Max CVSS
8.8
EPSS Score
0.32%
Published
2018-12-10
Updated
2019-10-03
esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear to be exploitable via Use of another weakness in backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3.
Max CVSS
9.8
EPSS Score
0.34%
Published
2018-12-20
Updated
2019-01-07
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
Max CVSS
8.8
EPSS Score
0.70%
Published
2018-12-20
Updated
2020-03-18
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
Max CVSS
8.8
EPSS Score
0.24%
Published
2018-12-20
Updated
2019-02-01
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-12-20
Updated
2019-02-06
ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Max CVSS
10.0
EPSS Score
0.33%
Published
2018-12-20
Updated
2019-10-03
Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Max CVSS
9.8
EPSS Score
0.33%
Published
2018-12-20
Updated
2019-02-01
MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.
Max CVSS
9.8
EPSS Score
0.38%
Published
2018-12-20
Updated
2019-02-01
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
Max CVSS
8.1
EPSS Score
9.39%
Published
2018-10-08
Updated
2023-11-17
contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack).
Max CVSS
10.0
EPSS Score
0.30%
Published
2018-10-08
Updated
2019-09-27
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.
Max CVSS
8.8
EPSS Score
0.99%
Published
2018-09-06
Updated
2018-11-14
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4.
Max CVSS
8.8
EPSS Score
0.29%
Published
2018-09-06
Updated
2018-10-26
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.
Max CVSS
8.8
EPSS Score
0.23%
Published
2018-08-20
Updated
2019-10-03
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.
Max CVSS
8.8
EPSS Score
0.31%
Published
2018-08-20
Updated
2019-10-03
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.
Max CVSS
8.8
EPSS Score
0.31%
Published
2018-08-20
Updated
2018-10-16
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3.
Max CVSS
7.2
EPSS Score
0.21%
Published
2018-07-09
Updated
2018-09-11
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.
Max CVSS
8.8
EPSS Score
0.51%
Published
2018-07-09
Updated
2018-09-11
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).
Max CVSS
7.8
EPSS Score
0.30%
Published
2018-06-26
Updated
2018-08-20
1728 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!