Total: 5456 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12995 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | N/A |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | ||||
| CVE-2018-12994 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | N/A |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | ||||
| CVE-2018-12533 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Operations Network, Richfaces | 2024-11-21 | N/A |
| JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. | ||||
| CVE-2018-12532 | 1 Redhat | 1 Richfaces | 2024-11-21 | N/A |
| JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. | ||||
| CVE-2018-12531 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. | ||||
| CVE-2018-11781 | 4 Apache, Canonical, Debian and 1 more | 8 Spamassassin, Ubuntu Linux, Debian Linux and 5 more | 2024-11-21 | N/A |
| Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | ||||
| CVE-2018-11780 | 4 Apache, Canonical, Debian and 1 more | 4 Spamassassin, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | N/A |
| A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | ||||
| CVE-2018-11587 | 1 Centreon | 2 Centreon, Centreon Web | 2024-11-21 | N/A |
| There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | ||||
| CVE-2018-11228 | 1 Crestron | 8 Crestron Toolbox Protocol Firmware, Dmc-str, Tsw-1060 and 5 more | 2024-11-21 | N/A |
| Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). | ||||
| CVE-2018-10740 | 1 Axublog | 1 Axublog | 2024-11-21 | N/A |
| Axublog 1.1.0 allows remote code execution, as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file. | ||||
| CVE-2018-10642 | 1 Combodo | 1 Itop | 2024-11-21 | N/A |
| Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | ||||
| CVE-2018-10574 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | N/A |
| site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files. | ||||
| CVE-2018-10517 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. | ||||
| CVE-2018-10515 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive. | ||||
| CVE-2018-10429 | 1 Cosmocms | 1 Cosmo | 2024-11-21 | N/A |
| Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. | ||||
| CVE-2018-10236 | 1 Poscms | 1 Poscms | 2024-11-21 | N/A |
| POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file. | ||||
| CVE-2018-10235 | 1 Poscms | 1 Poscms | 2024-11-21 | N/A |
| POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file. | ||||
| CVE-2018-10133 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. | ||||
| CVE-2018-10086 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions. | ||||
| CVE-2018-1000881 | 1 Traccar | 1 Server | 2024-11-21 | N/A |
| Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appears to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later. | ||||