Export limit exceeded: 367078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367078 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9627 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 7.0 High |
| A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | ||||
| CVE-2019-9626 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. | ||||
| CVE-2019-9625 | 1 Directadmin | 1 Directadmin | 2024-11-21 | N/A |
| JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. | ||||
| CVE-2019-9624 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A |
| Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. | ||||
| CVE-2019-9623 | 1 Fengoffice | 1 Feng Office | 2024-11-21 | N/A |
| Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. | ||||
| CVE-2019-9622 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | N/A |
| eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. | ||||
| CVE-2019-9618 | 1 Gracemedia Media Player Project | 1 Gracemedia Media Player | 2024-11-21 | N/A |
| The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter. | ||||
| CVE-2019-9617 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI. | ||||
| CVE-2019-9616 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI. | ||||
| CVE-2019-9615 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. | ||||
| CVE-2019-9614 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command. | ||||
| CVE-2019-9613 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI. | ||||
| CVE-2019-9612 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI. | ||||
| CVE-2019-9611 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java. | ||||
| CVE-2019-9610 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java. | ||||
| CVE-2019-9609 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI. | ||||
| CVE-2019-9608 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI. | ||||
| CVE-2019-9607 | 1 Medical Store Script Project | 1 Medical Store Script | 2024-11-21 | N/A |
| PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. | ||||
| CVE-2019-9606 | 1 Personal Video Collection Script Project | 1 Personal Video Collection Script | 2024-11-21 | N/A |
| PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. | ||||
| CVE-2019-9605 | 1 Online Lottery Php Readymade Script Project | 1 Online Lottery Php Readymade Script | 2024-11-21 | N/A |
| PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | ||||