From 43e747e8bafadc5336a1fe1e4cc20c87df847e9b Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 19 Sep 2024 12:34:55 +0000
Subject: [PATCH] Commit from GitHub Actions (Update List)
---
data/data.csv | 224 ++++++++++++++++++++++++-------------------------
secpatch.ipynb | 58 ++++++-------
2 files changed, 140 insertions(+), 142 deletions(-)
diff --git a/data/data.csv b/data/data.csv
index 496eb9b..9b6e004 100644
--- a/data/data.csv
+++ b/data/data.csv
@@ -258,7 +258,7 @@ CVE-2005-2086,0.0,0.10023,PHP remote file inclusion vulnerability in viewtopic.p CVE-2005-2087,0.0,0.96072,"Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.",2005-07-05 04:00:00.000,EPSS CVE-2005-2088,0.0,0.96327,"The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a ""Transfer-Encoding: chunked"" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka ""HTTP Request Smuggling.""",2005-07-05 04:00:00.000,EPSS CVE-2005-2090,0.0,0.97185,"Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a ""Transfer-Encoding: chunked"" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka ""HTTP Request Smuggling.""",2005-07-05 04:00:00.000,EPSS -CVE-2005-2120,0.0,0.03043,"Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of ""\"" (backslash) characters in a 
registry key name, which triggers the overflow in a wsprintfW function call.",2005-10-13 10:02:00.000,Metasploit +CVE-2005-2120,0.0,0.02683,"Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of ""\"" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.",2005-10-13 10:02:00.000,Metasploit CVE-2005-2122,0.0,0.95411,"Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.",2005-10-21 18:02:00.000,EPSS CVE-2005-2124,0.0,0.96259,"Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to ""An unchecked buffer"" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka ""Windows Metafile Vulnerability.""",2005-11-29 21:03:00.000,EPSS CVE-2005-2265,0.0,0.96724,"Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.",2005-07-13 04:00:00.000,EPSS/Metasploit 
@@ -287,7 +287,7 @@ CVE-2005-2917,0.0,0.9572,"Squid 2.5.STABLE10 and earlier, while performing NTLM CVE-2005-2968,0.0,0.96155,"Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.",2005-09-20 22:03:00.000,EPSS CVE-2005-3116,0.0,0.95464,Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.,2005-11-18 06:03:00.000,EPSS CVE-2005-3155,0.0,0.38424,Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.,2005-10-05 23:02:00.000,Metasploit -CVE-2005-3190,0.0,0.61685,"Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.",2005-10-13 22:02:00.000,Metasploit +CVE-2005-3190,0.0,0.6145,"Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.",2005-10-13 22:02:00.000,Metasploit CVE-2005-3252,0.0,0.94818,Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.,2005-10-18 21:02:00.000,Metasploit CVE-2005-3314,0.0,0.85319,"Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via ""long verb arguments.""",2005-11-18 22:03:00.000,Metasploit CVE-2005-3315,0.0,0.95935,"Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to 
computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.",2005-10-30 20:02:00.000,EPSS 
@@ -551,7 +551,7 @@ CVE-2007-3764,0.0,0.97083,"The Skinny channel driver (chan_skinny) in Asterisk b CVE-2007-3844,0.0,0.95252,"Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka ""Cross Context Scripting."" NOTE: this issue is caused by a CVE-2007-3089 regression.",2007-08-08 01:17:00.000,EPSS CVE-2007-3845,0.0,0.95617,"Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching ""a file handling program based on the file extension at the end of the URI,"" a variant of CVE-2007-4041. NOTE: the vendor states that ""it is still possible to launch a filetype handler based on extension rather than the registered protocol handler.""",2007-08-08 01:17:00.000,EPSS CVE-2007-3872,0.0,0.92409,"Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.",2007-08-09 20:17:00.000,Metasploit -CVE-2007-3897,0.0,0.95888,"Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.",2007-10-09 22:17:00.000,EPSS +CVE-2007-3897,0.0,0.9512,"Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory 
corruption.",2007-10-09 22:17:00.000,EPSS CVE-2007-3901,0.0,0.95366,Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.,2007-12-12 00:46:00.000,EPSS/Metasploit CVE-2007-3925,0.0,0.97321,Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.,2007-07-21 00:30:00.000,EPSS/Metasploit CVE-2007-3999,0.0,0.96876,"Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.",2007-09-05 10:17:00.000,EPSS 
@@ -617,9 +617,9 @@ CVE-2008-0226,0.0,0.97381,"Multiple buffer overflows in yaSSL 1.7.5 and earlier, CVE-2008-0237,0.0,0.95306,The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.,2008-01-11 02:46:00.000,EPSS CVE-2008-0244,0.0,0.96787,"SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via ""&&"" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.",2008-01-12 02:46:00.000,EPSS/Metasploit CVE-2008-0311,0.0,0.73024,Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.,2008-04-06 23:44:00.000,Metasploit -CVE-2008-0320,0.0,0.92414,Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.,2008-04-17 19:05:00.000,Metasploit +CVE-2008-0320,0.0,0.92542,Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.,2008-04-17 19:05:00.000,Metasploit CVE-2008-0492,0.0,0.8937,Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. 
NOTE: some of these details are obtained from third party information.,2008-01-30 22:00:00.000,Metasploit -CVE-2008-0506,0.0,0.96356,"include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.",2008-01-31 20:00:00.000,EPSS/Metasploit +CVE-2008-0506,0.0,0.96339,"include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.",2008-01-31 20:00:00.000,EPSS/Metasploit CVE-2008-0550,0.0,0.11425,"Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header.",2008-02-01 20:00:00.000,Metasploit CVE-2008-0610,0.0,0.29516,"Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.",2008-02-06 12:00:00.000,Metasploit CVE-2008-0621,0.0,0.80831,"Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.",2008-02-06 12:00:00.000,Metasploit 
@@ -673,7 +673,7 @@ CVE-2008-2683,0.0,0.82194,"The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10 CVE-2008-2703,0.0,0.88146,"Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via ""spoofed server responses"" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.",2008-06-13 19:41:00.000,Metasploit CVE-2008-2789,0.0,0.00987,SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.,2008-06-20 11:48:00.000,Metasploit CVE-2008-2905,0.0,0.28525,"PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.",2008-06-30 18:24:00.000,Metasploit -CVE-2008-2908,0.0,0.41034,"Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information.",2008-06-30 18:24:00.000,Metasploit +CVE-2008-2908,0.0,0.47848,"Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. 
NOTE: some of these details are obtained from third party information.",2008-06-30 18:24:00.000,Metasploit CVE-2008-2938,0.0,0.97021,"Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",2008-08-13 00:41:00.000,EPSS CVE-2008-2992,7.8,0.97274,"Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.",2008-11-04 18:29:47.667,EPSS/CISA CVE-2008-3004,0.0,0.96068,"Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the ""Excel Indexing Validation Vulnerability.""",2008-08-12 23:41:00.000,EPSS 
@@ -762,11 +762,11 @@ CVE-2008-6982,0.0,0.0038,Cross-site scripting (XSS) vulnerability in index.php i CVE-2008-7232,0.0,0.50522,Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.,2009-09-14 14:30:00.500,Metasploit CVE-2008-7269,0.0,0.01544,Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.,2010-12-01 16:06:12.770,Nuclei CVE-2009-0075,0.0,0.97391,"Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka ""Uninitialized Memory Corruption Vulnerability.""",2009-02-10 22:30:00.250,EPSS/Metasploit -CVE-2009-0093,0.0,0.97049,"Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the ""wpad"" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka ""DNS Server Vulnerability in WPAD Registration Vulnerability,"" a related issue to CVE-2007-1692.",2009-03-11 14:19:15.233,EPSS -CVE-2009-0094,0.0,0.96903,"The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) ""wpad"" and (2) ""isatap"" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the 
WINS database, aka ""WPAD WINS Server Registration Vulnerability,"" a related issue to CVE-2007-1692.",2009-03-11 14:19:15.250,EPSS +CVE-2009-0093,0.0,0.96951,"Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the ""wpad"" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka ""DNS Server Vulnerability in WPAD Registration Vulnerability,"" a related issue to CVE-2007-1692.",2009-03-11 14:19:15.233,EPSS +CVE-2009-0094,0.0,0.96777,"The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) ""wpad"" and (2) ""isatap"" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka ""WPAD WINS Server Registration Vulnerability,"" a related issue to CVE-2007-1692.",2009-03-11 14:19:15.250,EPSS CVE-2009-0133,0.0,0.05236,"Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long ""Index file"" field, possibly a related issue to CVE-2006-0564.",2009-01-15 17:30:00.703,Metasploit -CVE-2009-0183,0.0,0.76591,Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.,2009-02-03 19:30:00.250,Metasploit -CVE-2009-0184,0.0,0.67177,"Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 
844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.",2009-02-03 19:30:00.297,Metasploit +CVE-2009-0183,0.0,0.74212,Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.,2009-02-03 19:30:00.250,Metasploit +CVE-2009-0184,0.0,0.67259,"Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.",2009-02-03 19:30:00.297,Metasploit CVE-2009-0187,0.0,0.95678,"Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a ""Connecting"" log message.",2009-02-26 16:17:19.827,EPSS/Metasploit CVE-2009-0215,0.0,0.92046,"Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.",2009-03-25 15:30:00.217,Metasploit CVE-2009-0217,0.0,0.97281,"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 
through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.",2009-07-14 23:30:00.187,EPSS 
@@ -806,7 +806,7 @@ CVE-2009-1252,0.0,0.96437,"Stack-based buffer overflow in the crypto_recv functi CVE-2009-1260,0.0,0.85425,Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.,2009-04-07 23:30:00.327,Metasploit CVE-2009-1350,0.0,0.96296,"Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.",2009-04-21 16:24:52.280,EPSS/Metasploit CVE-2009-1386,0.0,0.06513,ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.,2009-06-04 16:30:00.313,Metasploit -CVE-2009-1394,0.0,0.90576,Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.,2009-06-26 18:30:00.780,Metasploit +CVE-2009-1394,0.0,0.90408,Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.,2009-06-26 18:30:00.780,Metasploit CVE-2009-1429,0.0,0.97008,"The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary 
commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.",2009-04-29 15:30:00.217,EPSS/Metasploit CVE-2009-1430,0.0,0.97031,"Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.",2009-04-29 15:30:00.250,EPSS/Metasploit CVE-2009-1431,0.0,0.95188,"XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.",2009-04-29 15:30:00.267,EPSS 
@@ -834,7 +834,7 @@ CVE-2009-2011,0.0,0.88334,"Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0. CVE-2009-2015,0.0,0.01197,Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.,2009-06-09 19:30:00.250,Nuclei CVE-2009-2055,0.0,0.00955,"Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.",2009-08-19 17:30:01.047,CISA CVE-2009-2100,0.0,0.02365,Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.,2009-06-17 17:30:00.467,Nuclei -CVE-2009-2227,0.0,0.9248,Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.,2009-06-26 18:30:00.877,Metasploit +CVE-2009-2227,0.0,0.93475,Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.,2009-06-26 18:30:00.877,Metasploit CVE-2009-2261,0.0,0.90658,"PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.",2009-06-30 10:30:21.937,Metasploit CVE-2009-2265,0.0,0.97197,"Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and 
the editor/filemanager/connectors/ directory.",2009-07-05 16:30:00.377,EPSS/Metasploit CVE-2009-2288,0.0,0.97009,statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.,2009-07-01 13:00:01.827,EPSS/Metasploit 
@@ -869,12 +869,12 @@ CVE-2009-3129,7.8,0.97208,"Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 S CVE-2009-3214,0.0,0.73343,"Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.",2009-09-16 17:30:00.657,Metasploit CVE-2009-3318,0.0,0.01062,Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.,2009-09-23 12:08:35.360,Nuclei CVE-2009-3429,0.0,0.95402,Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.,2009-09-25 22:30:16.327,EPSS/Metasploit -CVE-2009-3459,0.0,0.97279,"Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.",2009-10-13 10:30:00.577,EPSS +CVE-2009-3459,0.0,0.97327,"Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. 
NOTE: some of these details are obtained from third party information.",2009-10-13 10:30:00.577,EPSS CVE-2009-3563,0.0,0.96565,"ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",2009-12-09 18:30:00.390,EPSS/Metasploit CVE-2009-3591,0.0,0.30882,Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.,2009-10-08 17:30:00.297,Metasploit CVE-2009-3672,0.0,0.76912,"Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka ""HTML Object Memory Corruption Vulnerability."" NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. 
CVE consumers should use this identifier instead of CVE-2009-4054.",2009-12-02 11:30:00.453,Metasploit CVE-2009-3676,0.0,0.95329,"The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka ""SMB Client Incomplete Response Vulnerability.""",2009-11-13 15:30:00.733,EPSS -CVE-2009-3693,0.0,0.93482,Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.,2009-10-13 10:30:00.717,Metasploit +CVE-2009-3693,0.0,0.93193,Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. 
(backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.,2009-10-13 10:30:00.717,Metasploit CVE-2009-3699,0.0,0.7527,"Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.",2009-10-15 10:30:01.267,Metasploit CVE-2009-3711,0.0,0.74375,"Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.",2009-10-16 16:30:01.000,Metasploit CVE-2009-3733,0.0,0.95536,"Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.",2009-11-02 15:30:00.813,EPSS/Metasploit 
@@ -889,7 +889,7 @@ CVE-2009-3953,8.8,0.9692,"The U3D implementation in Adobe Reader and Acrobat 9.x CVE-2009-3960,6.5,0.94277,"Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.",2010-02-15 18:30:00.407,CISA/Metasploit CVE-2009-3976,0.0,0.01343,Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).,2009-11-18 23:30:00.767,Metasploit CVE-2009-3999,0.0,0.93704,Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.,2010-01-20 22:30:00.367,Metasploit -CVE-2009-4006,0.0,0.95148,"Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.",2009-11-20 11:30:00.297,EPSS/Metasploit +CVE-2009-4006,0.0,0.94693,"Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.",2009-11-20 11:30:00.297,Metasploit CVE-2009-4098,0.0,0.1283,"Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.",2009-11-29 
13:08:29.343,Metasploit CVE-2009-4140,0.0,0.97276,"Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.",2009-12-22 22:30:00.530,EPSS CVE-2009-4146,0.0,0.00042,"The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.",2009-12-02 18:30:00.297,Metasploit 
@@ -903,7 +903,7 @@ CVE-2009-4225,0.0,0.93296,Stack-based buffer overflow in the PestPatrol ActiveX CVE-2009-4265,0.0,0.95752,"Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.",2009-12-10 16:30:00.530,EPSS/Metasploit CVE-2009-4324,7.8,0.96991,"Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",2009-12-15 02:30:00.217,EPSS/CISA CVE-2009-4444,0.0,0.95544,"Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.",2009-12-29 21:00:24.327,EPSS -CVE-2009-4484,0.0,0.9702,"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. 
NOTE: this was originally reported for MySQL 5.0.51a.",2009-12-30 21:30:00.547,EPSS/Metasploit +CVE-2009-4484,0.0,0.97156,"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.",2009-12-30 21:30:00.547,EPSS/Metasploit CVE-2009-4498,0.0,0.65485,The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.,2009-12-31 18:30:01.627,Metasploit CVE-2009-4502,0.0,0.6521,"The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.",2009-12-31 18:30:01.797,Metasploit CVE-2009-4588,0.0,0.93254,"Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.",2010-01-07 18:30:00.887,Metasploit 
@@ -1059,7 +1059,7 @@ CVE-2010-1956,0.0,0.06055,Directory traversal vulnerability in the Gadget Factor CVE-2010-1957,0.0,0.01671,Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 12:07:52.820,Nuclei CVE-2010-1960,0.0,0.84162,"Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.",2010-06-10 00:30:07.567,Metasploit CVE-2010-1961,0.0,0.84162,"Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.",2010-06-10 00:30:07.613,Metasploit -CVE-2010-1964,0.0,0.95572,"Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.",2010-06-17 16:30:01.950,EPSS/Metasploit +CVE-2010-1964,0.0,0.95467,"Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.",2010-06-17 16:30:01.950,EPSS/Metasploit CVE-2010-1977,0.0,0.00826,Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 20:00:01.270,Nuclei CVE-2010-1979,0.0,0.00826,Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. 
(dot dot) in the controller parameter to index.php.,2010-05-19 20:00:01.333,Nuclei CVE-2010-1980,0.0,0.02401,Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-05-19 20:00:01.397,Nuclei 
@@ -1073,7 +1073,7 @@ CVE-2010-2036,0.0,0.00718,Directory traversal vulnerability in the Percha Fields CVE-2010-2037,0.0,0.00718,Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 14:30:01.687,Nuclei CVE-2010-2045,0.0,0.01671,Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.,2010-05-25 18:30:01.797,Nuclei CVE-2010-2050,0.0,0.03527,Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.,2010-05-25 18:30:01.987,Nuclei -CVE-2010-2063,0.0,0.97055,Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.,2010-06-17 16:30:01.983,EPSS/Metasploit +CVE-2010-2063,0.0,0.97205,Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.,2010-06-17 16:30:01.983,EPSS/Metasploit CVE-2010-2075,0.0,0.69876,"UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute 
arbitrary commands.",2010-06-15 14:04:26.327,Metasploit CVE-2010-2115,0.0,0.5567,SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.,2010-05-28 20:30:01.567,Metasploit CVE-2010-2122,0.0,0.01806,Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.,2010-06-01 21:30:01.070,Nuclei 
@@ -1126,7 +1126,6 @@ CVE-2010-3232,0.0,0.95501,"Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 an CVE-2010-3239,0.0,0.97071,"Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka ""Extra Out of Boundary Record Parsing Vulnerability.""",2010-10-13 19:00:46.010,EPSS CVE-2010-3242,0.0,0.95501,"Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka ""Ghost Record Type Parsing Vulnerability.""",2010-10-13 19:00:46.103,EPSS CVE-2010-3275,0.0,0.94107,"libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a ""dangling pointer vulnerability.""",2011-03-28 16:55:02.530,Metasploit -CVE-2010-3324,0.0,0.96144,"The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka ""HTML Sanitization Vulnerability,"" a different vulnerability than CVE-2010-1257.",2010-09-17 18:00:03.290,EPSS CVE-2010-3329,0.0,0.96106,"mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka ""Uninitialized Memory Corruption Vulnerability.""",2010-10-13 19:00:46.353,EPSS CVE-2010-3332,0.0,0.96772,"Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET 
in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka ""ASP.NET Padding Oracle Vulnerability.""",2010-09-22 19:00:06.213,EPSS CVE-2010-3333,7.8,0.97294,"Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka ""RTF Stack Buffer Overflow Vulnerability.""",2010-11-10 03:00:02.087,EPSS/CISA/Metasploit 
@@ -1183,7 +1182,7 @@ CVE-2010-4804,0.0,0.09736,"The Android browser in Android before 2.3.4 allows re CVE-2010-4977,0.0,0.0016,SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.,2011-11-01 22:55:04.023,Nuclei CVE-2010-5028,0.0,0.00316,SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.,2011-11-02 21:55:16.997,Nuclei CVE-2010-5081,0.0,0.42885,Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.,2011-12-25 01:55:01.817,Metasploit -CVE-2010-5193,0.0,0.94432,Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.,2012-08-31 21:55:00.980,Metasploit +CVE-2010-5193,0.0,0.94533,Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.,2012-08-31 21:55:00.980,Metasploit CVE-2010-5240,0.0,0.95823,"Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT and CorelDRAW X5 15.1.0.588 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) CrlRib.dll file in the current working directory, as demonstrated by a directory that contains a .cdr, .cpt, .cmx, or .csl file. 
NOTE: some of these details are obtained from third party information.",2012-09-07 10:32:21.647,EPSS CVE-2010-5278,0.0,0.04426,"Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.",2012-10-07 20:55:00.907,Nuclei CVE-2010-5286,0.0,0.01027,Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.,2012-11-26 23:55:01.300,Nuclei 
@@ -1262,7 +1261,7 @@ CVE-2011-2039,0.0,0.80718,"The helper application in Cisco AnyConnect Secure Mob CVE-2011-2089,0.0,0.50753,Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.,2011-05-13 17:05:45.643,Metasploit CVE-2011-2110,0.0,0.97046,"Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.",2011-06-16 23:55:02.120,EPSS/Metasploit CVE-2011-2140,0.0,0.94775,"Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.",2011-08-10 22:55:00.890,Metasploit -CVE-2011-2217,0.0,0.94904,"Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.",2011-06-06 19:55:03.800,Metasploit +CVE-2011-2217,0.0,0.94117,"Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET 
Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.",2011-06-06 19:55:03.800,Metasploit CVE-2011-2261,0.0,0.95519,"Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.",2011-07-20 23:55:01.753,EPSS CVE-2011-2371,0.0,0.95687,"Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.",2011-06-30 16:55:05.333,EPSS/Metasploit CVE-2011-2386,0.0,0.84598,"VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.",2011-06-08 10:36:14.573,Metasploit 
@@ -1412,7 +1411,7 @@ CVE-2012-0507,0.0,0.96717,"Unspecified vulnerability in the Java Runtime Environ CVE-2012-0518,4.7,0.00866,"Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175.",2012-10-16 23:55:03.087,CISA CVE-2012-0549,0.0,0.95595,"Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.",2012-05-03 18:55:01.513,EPSS/Metasploit CVE-2012-0663,0.0,0.96475,Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.,2012-05-16 10:12:56.990,EPSS/Metasploit -CVE-2012-0694,9.8,0.92036,"SugarCRM CE <= 6.3.1 contains scripts that use ""unserialize()"" with user controlled input which allows remote attackers to execute arbitrary PHP code.",2019-10-29 21:15:10.747,Metasploit +CVE-2012-0694,9.8,0.91325,"SugarCRM CE <= 6.3.1 contains scripts that use ""unserialize()"" with user controlled input which allows remote attackers to execute arbitrary PHP code.",2019-10-29 21:15:10.747,Metasploit CVE-2012-0708,0.0,0.9655,"Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.",2012-04-22 18:55:03.750,EPSS/Metasploit CVE-2012-0754,0.0,0.97334,"Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 
11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.",2012-02-16 19:55:01.130,EPSS/CISA/Metasploit CVE-2012-0767,0.0,0.00278,"Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ""Universal XSS (UXSS),"" as exploited in the wild in February 2012.",2012-02-16 19:55:01.303,CISA 
@@ -1433,16 +1432,16 @@ CVE-2012-1184,0.0,0.9691,Stack-based buffer overflow in the ast_parse_digest fun CVE-2012-1195,0.0,0.15183,"Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root.",2012-02-18 00:55:02.543,Metasploit CVE-2012-1196,0.0,0.12701,Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.,2012-02-18 00:55:02.590,Metasploit CVE-2012-1226,0.0,0.11494,Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.,2012-02-21 13:31:47.830,Nuclei -CVE-2012-1420,0.0,0.97018,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.130,EPSS -CVE-2012-1421,0.0,0.97212,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.177,EPSS -CVE-2012-1422,0.0,0.9709,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.253,EPSS +CVE-2012-1420,0.0,0.969,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.130,EPSS +CVE-2012-1421,0.0,0.97121,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.177,EPSS +CVE-2012-1422,0.0,0.96969,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.253,EPSS CVE-2012-1423,0.0,0.96195,"The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.317,EPSS -CVE-2012-1424,0.0,0.9727,"The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.347,EPSS +CVE-2012-1424,0.0,0.97192,"The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.347,EPSS CVE-2012-1425,0.0,0.97402,"The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.397,EPSS CVE-2012-1426,0.0,0.96663,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \42\5A\68 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.443,EPSS -CVE-2012-1427,0.0,0.96885,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.473,EPSS -CVE-2012-1428,0.0,0.96885,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.520,EPSS -CVE-2012-1429,0.0,0.97429,"The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.550,EPSS +CVE-2012-1427,0.0,0.96715,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.473,EPSS +CVE-2012-1428,0.0,0.96715,"The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:47.520,EPSS +CVE-2012-1429,0.0,0.97388,"The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.550,EPSS CVE-2012-1430,0.0,0.97473,"The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.583,EPSS CVE-2012-1431,0.0,0.97472,"The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.630,EPSS CVE-2012-1432,0.0,0.97283,"The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.660,EPSS 
@@ -1450,27 +1449,25 @@ CVE-2012-1433,0.0,0.97283,"The Microsoft EXE file parser in AhnLab V3 Internet S CVE-2012-1434,0.0,0.9529,"The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.723,EPSS CVE-2012-1435,0.0,0.97283,"The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.770,EPSS CVE-2012-1436,0.0,0.97283,"The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.",2012-03-21 10:11:47.800,EPSS -CVE-2012-1439,0.0,0.97423,"The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.927,EPSS +CVE-2012-1439,0.0,0.9738,"The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.927,EPSS CVE-2012-1440,0.0,0.9681,"The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:47.957,EPSS -CVE-2012-1442,0.0,0.97457,"The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.037,EPSS -CVE-2012-1443,0.0,0.97451,"The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG 
Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",2012-03-21 10:11:48.083,EPSS -CVE-2012-1444,0.0,0.95144,"The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abiversion field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.130,EPSS -CVE-2012-1445,0.0,0.97423,"The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.207,EPSS -CVE-2012-1446,0.0,0.97305,"The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.270,EPSS -CVE-2012-1447,0.0,0.9527,"The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.333,EPSS -CVE-2012-1448,0.0,0.96501,"The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.613,EPSS -CVE-2012-1450,0.0,0.96274,"The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.693,EPSS +CVE-2012-1442,0.0,0.9744,"The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.037,EPSS +CVE-2012-1443,0.0,0.97477,"The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG 
Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",2012-03-21 10:11:48.083,EPSS +CVE-2012-1445,0.0,0.9738,"The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.207,EPSS +CVE-2012-1446,0.0,0.97355,"The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:48.270,EPSS +CVE-2012-1448,0.0,0.96235,"The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.613,EPSS +CVE-2012-1450,0.0,0.95951,"The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.693,EPSS CVE-2012-1451,0.0,0.9529,The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved2 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.,2012-03-21 10:11:48.740,EPSS -CVE-2012-1452,0.0,0.96533,"The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.770,EPSS +CVE-2012-1452,0.0,0.96275,"The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.770,EPSS CVE-2012-1453,0.0,0.97462,"The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.",2012-03-21 10:11:48.847,EPSS -CVE-2012-1454,0.0,0.97432,"The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:49.160,EPSS -CVE-2012-1456,0.0,0.97127,"The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.240,EPSS -CVE-2012-1457,0.0,0.97372,"The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! 
Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.287,EPSS -CVE-2012-1459,0.0,0.97465,"The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! 
Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.597,EPSS -CVE-2012-1460,0.0,0.96716,"The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.",2012-03-21 10:11:49.630,EPSS -CVE-2012-1461,0.0,0.97246,"The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.",2012-03-21 10:11:49.677,EPSS -CVE-2012-1462,0.0,0.96015,"The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.",2012-03-21 10:11:49.707,EPSS -CVE-2012-1463,0.0,0.97312,"The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:49.740,EPSS +CVE-2012-1454,0.0,0.97391,"The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:49.160,EPSS +CVE-2012-1456,0.0,0.97206,"The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.240,EPSS +CVE-2012-1457,0.0,0.9741,"The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! 
Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.287,EPSS +CVE-2012-1459,0.0,0.97489,"The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! 
Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",2012-03-21 10:11:49.597,EPSS +CVE-2012-1460,0.0,0.96504,"The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.",2012-03-21 10:11:49.630,EPSS +CVE-2012-1461,0.0,0.97305,"The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.",2012-03-21 10:11:49.677,EPSS +CVE-2012-1462,0.0,0.95824,"The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.",2012-03-21 10:11:49.707,EPSS +CVE-2012-1463,0.0,0.97244,"The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.",2012-03-21 10:11:49.740,EPSS CVE-2012-1493,0.0,0.30633,"F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.",2012-07-09 22:55:00.887,Metasploit CVE-2012-1495,9.8,0.97019,install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.,2020-01-27 15:15:11.027,EPSS/Metasploit CVE-2012-1527,0.0,0.96663,"Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka ""Windows Briefcase Integer Underflow 
Vulnerability.""",2012-11-14 00:55:01.060,EPSS 
@@ -1863,7 +1860,7 @@ CVE-2014-0315,0.0,0.96733,"Untrusted search path vulnerability in Microsoft Wind CVE-2014-0322,8.8,0.97231,"Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.",2014-02-14 16:55:07.500,EPSS/CISA/Metasploit CVE-2014-0476,0.0,0.0009,"The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.",2014-10-25 22:55:04.070,Metasploit CVE-2014-0496,0.0,0.02405,Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.,2014-01-15 16:13:04.100,CISA -CVE-2014-0497,8.8,0.97249,"Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.",2014-02-05 05:15:29.897,EPSS/CISA/Metasploit +CVE-2014-0497,8.8,0.97234,"Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.",2014-02-05 05:15:29.897,EPSS/CISA/Metasploit CVE-2014-0502,8.8,0.85931,"Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute 
arbitrary code via unspecified vectors, as exploited in the wild in February 2014.",2014-02-21 05:07:00.017,CISA CVE-2014-0514,0.0,0.77264,"The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.",2014-04-15 23:13:14.743,Metasploit CVE-2014-0515,0.0,0.9696,"Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.",2014-04-29 10:37:03.733,EPSS/Metasploit 
@@ -2043,7 +2040,7 @@ CVE-2014-8424,0.0,0.87928,"ARRIS VAP2500 before FW08.41 does not properly valida CVE-2014-8439,0.0,0.87573,"Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.",2014-11-25 23:59:00.053,CISA CVE-2014-8440,0.0,0.97287,"Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.",2014-11-11 23:55:02.690,EPSS/Metasploit CVE-2014-8499,0.0,0.01226,Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.,2014-11-17 16:59:04.010,Metasploit -CVE-2014-8516,9.8,0.96529,"Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.",2020-01-03 21:15:11.690,EPSS/Metasploit +CVE-2014-8516,9.8,0.96897,"Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.",2020-01-03 21:15:11.690,EPSS/Metasploit 
CVE-2014-8517,0.0,0.95588,"The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.",2014-11-17 16:59:05.213,EPSS/Metasploit CVE-2014-8586,0.0,0.0984,SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.,2014-11-04 15:55:06.357,Metasploit CVE-2014-8598,0.0,0.00662,"The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.",2014-11-18 15:59:06.750,Metasploit 
@@ -2089,7 +2086,7 @@ CVE-2015-0016,7.8,0.88772,"Directory traversal vulnerability in the TS WebProxy CVE-2015-0064,0.0,0.95604,"Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""Office Remote Code Execution Vulnerability.""",2015-02-11 03:01:07.200,EPSS CVE-2015-0065,0.0,0.95468,"Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka ""OneTableDocumentStream Remote Code Execution Vulnerability.""",2015-02-11 03:01:07.967,EPSS CVE-2015-0071,6.5,0.08371,"Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ""Internet Explorer ASLR Bypass Vulnerability.""",2015-02-11 03:01:12.497,CISA -CVE-2015-0072,0.0,0.97208,"Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka ""Universal XSS (UXSS).""",2015-02-07 19:59:07.723,EPSS/Metasploit +CVE-2015-0072,0.0,0.97257,"Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka ""Universal XSS (UXSS).""",2015-02-07 19:59:07.723,EPSS/Metasploit CVE-2015-0096,0.0,0.97254,"Untrusted search path vulnerability in 
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka ""DLL Planting Remote Code Execution Vulnerability.""",2015-03-11 10:59:22.760,EPSS CVE-2015-0235,0.0,0.97496,"Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka ""GHOST.""",2015-01-28 19:59:00.063,EPSS CVE-2015-0240,0.0,0.97426,"The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.",2015-02-24 01:59:00.050,EPSS/Metasploit 
@@ -2233,7 +2230,7 @@ CVE-2015-5123,9.8,0.56191,"Use-after-free vulnerability in the BitmapData class CVE-2015-5287,0.0,0.0009,"The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.",2015-12-07 18:59:02.230,Metasploit CVE-2015-5317,0.0,0.04876,The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.,2015-11-25 20:59:07.680,CISA CVE-2015-5354,0.0,0.00166,Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.,2015-07-01 16:59:01.130,Nuclei -CVE-2015-5371,0.0,0.97122,The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.,2015-07-06 14:59:06.157,EPSS/Metasploit +CVE-2015-5371,0.0,0.97164,The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.,2015-07-06 14:59:06.157,EPSS/Metasploit CVE-2015-5453,0.0,0.02328,Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.,2015-07-08 15:59:05.647,Metasploit CVE-2015-5461,0.0,0.0055,Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.,2015-07-08 16:59:04.147,Nuclei CVE-2015-5469,0.0,0.02243,Absolute path traversal vulnerability in 
the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.,2017-05-23 04:29:00.837,Nuclei 
@@ -2300,8 +2297,9 @@ CVE-2015-9312,0.0,0.00088,The newstatpress plugin before 1.0.5 for WordPress has CVE-2015-9323,9.8,0.00673,The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.,2019-08-16 21:15:10.487,Nuclei CVE-2015-9414,6.1,0.00111,The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.,2019-09-26 00:15:10.570,Nuclei CVE-2015-9480,7.5,0.24001,The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.,2019-10-10 17:15:16.233,Nuclei +CVE-2016-0003,0.0,0.95183,"Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka ""Microsoft Edge Memory Corruption Vulnerability.""",2016-01-13 05:59:02.683,EPSS CVE-2016-0015,0.0,0.96023,"DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka ""DirectShow Heap Corruption Remote Code Execution Vulnerability.""",2016-01-13 05:59:12.997,EPSS -CVE-2016-0034,8.8,0.71645,"Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka ""Silverlight Runtime Remote Code Execution Vulnerability.""",2016-01-13 05:59:22.657,CISA +CVE-2016-0034,8.8,0.69876,"Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka ""Silverlight Runtime Remote Code Execution Vulnerability.""",2016-01-13 05:59:22.657,CISA CVE-2016-0040,7.8,0.15457,"The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain 
privileges via a crafted application, aka ""Windows Elevation of Privilege Vulnerability.""",2016-02-10 11:59:06.440,CISA/Metasploit CVE-2016-0041,0.0,0.91047,"Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ""DLL Loading Remote Code Execution Vulnerability.""",2016-02-10 11:59:07.423,Metasploit CVE-2016-0050,0.0,0.95071,"Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka ""Network Policy Server RADIUS Implementation Denial of Service Vulnerability.""",2016-02-10 11:59:14.567,EPSS 
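Review bot: The added CVE-2016-0003 row has `0.0` in the second column, which looks like the CVSS base score (the header row is outside this hunk), even though the entry describes remote code execution and has an EPSS value of 0.95183. Neighbouring rows such as CVE-2016-0015 follow the same pattern, so `0.0` appears to stand for "no score available" rather than a scored severity of zero. Anyone sorting or filtering the list on that column would rank these entries as lowest severity and could drop them from patch prioritisation. Leaving the field empty when no score exists, e.g. `CVE-2016-0003,,0.95183,"Microsoft Edge allows …"`, would keep "missing" distinct from "zero". That change presumably belongs in the generator (secpatch.ipynb appears in this commit's diffstat), not in the CSV by hand.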
@@ -2353,7 +2351,7 @@ CVE-2016-1000155,0.0,0.00103,Reflected XSS in wordpress plugin wpsolr-search-eng CVE-2016-1000282,0.0,0.00761,Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.,2019-02-05 17:29:00.233,Metasploit CVE-2016-10033,9.8,0.9709,"The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \"" (backslash double quote) in a crafted Sender property.",2016-12-30 19:59:00.137,EPSS/Nuclei CVE-2016-10034,0.0,0.96408,"The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \"" (backslash double quote) in a crafted e-mail address.",2016-12-30 19:59:00.217,EPSS -CVE-2016-10045,9.8,0.96686,The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.,2016-12-30 19:59:00.247,EPSS/Metasploit +CVE-2016-10045,9.8,0.96725,The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.,2016-12-30 19:59:00.247,EPSS/Metasploit CVE-2016-10073,0.0,0.00797,"The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.",2017-05-23 04:29:01.180,Metasploit CVE-2016-1008,0.0,0.96115,"Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.",2016-03-09 11:59:38.390,EPSS CVE-2016-1010,8.8,0.94129,"Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.",2016-03-12 15:59:25.090,CISA 
@@ -2624,7 +2622,7 @@ CVE-2017-15222,9.8,0.56154,Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and CVE-2017-15287,0.0,0.00129,"There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the ""Name des Bouquets"" field, or the file parameter to the /file URI.",2017-10-12 15:29:00.373,Nuclei CVE-2017-15363,7.5,0.09311,"Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.",2017-10-15 19:29:00.217,Nuclei CVE-2017-15647,0.0,0.02,"On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.",2017-10-19 22:29:00.357,Nuclei -CVE-2017-15715,0.0,0.95912,"In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",2018-03-26 15:29:00.287,EPSS/Nuclei +CVE-2017-15715,0.0,0.95493,"In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. 
This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",2018-03-26 15:29:00.287,EPSS/Nuclei CVE-2017-15889,0.0,0.14984,Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.,2017-12-04 19:29:00.297,Metasploit CVE-2017-15908,7.5,0.95505,"In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.",2017-10-26 14:29:00.207,EPSS CVE-2017-15944,9.8,0.97439,"Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.",2017-12-11 17:29:00.490,EPSS/CISA/Metasploit/Nuclei 
@@ -2706,7 +2704,7 @@ CVE-2017-3629,0.0,0.00067,"Vulnerability in the Solaris component of Oracle Sun CVE-2017-3630,0.0,0.00047,"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",2017-06-22 13:29:00.237,Metasploit CVE-2017-3631,0.0,0.00047,"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",2017-06-22 13:29:00.267,Metasploit CVE-2017-3730,0.0,0.95419,"In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. 
This could be exploited in a Denial of Service attack.",2017-05-04 19:29:00.320,EPSS -CVE-2017-3823,0.0,0.87888,"An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.",2017-02-01 11:59:00.133,Metasploit +CVE-2017-3823,0.0,0.8703,"An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. 
This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.",2017-02-01 11:59:00.133,Metasploit CVE-2017-3881,9.8,0.97481,"A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. 
This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.",2017-03-17 22:59:00.640,EPSS/CISA/Metasploit/Nuclei CVE-2017-4011,0.0,0.00142,Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.,2017-05-17 21:29:00.210,Nuclei CVE-2017-4915,0.0,0.00107,VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.,2017-05-22 14:29:00.183,Metasploit 
@@ -2920,7 +2918,7 @@ CVE-2018-1271,5.9,0.00371,"Spring Framework, versions 5.0 prior to 5.0.5 and ver CVE-2018-1273,9.8,0.97241,"Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.",2018-04-11 13:29:00.290,EPSS/CISA/Nuclei CVE-2018-12909,0.0,0.01119,"Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a ""publicly accessible environment.",2018-06-27 16:29:00.300,Nuclei CVE-2018-12998,6.1,0.96752,"A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.",2018-06-29 12:29:00.500,EPSS/Nuclei -CVE-2018-1303,0.0,0.95931,"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. 
The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",2018-03-26 15:29:00.523,EPSS +CVE-2018-1303,0.0,0.95786,"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",2018-03-26 15:29:00.523,EPSS CVE-2018-13330,0.0,0.96942,"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the ""groupname"" parameter.",2018-11-27 21:29:00.290,EPSS CVE-2018-13336,0.0,0.95207,"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""pwd"" parameter during user creation.",2018-11-27 21:29:00.510,EPSS CVE-2018-13338,0.0,0.95207,"System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the ""username"" parameter during user creation.",2018-11-27 21:29:00.570,EPSS 
@@ -3140,7 +3138,7 @@ CVE-2018-8405,0.0,0.00117,"An elevation of privilege vulnerability exists when t CVE-2018-8406,0.0,0.00117,"An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka ""DirectX Graphics Kernel Elevation of Privilege Vulnerability."" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.",2018-08-15 17:29:10.157,CISA CVE-2018-8414,0.0,0.76707,"A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka ""Windows Shell Remote Code Execution Vulnerability."" This affects Windows 10 Servers, Windows 10.",2018-08-15 17:29:10.393,CISA CVE-2018-8440,0.0,0.96832,"An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka ""Windows ALPC Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-09-13 00:29:04.333,EPSS/CISA/Metasploit -CVE-2018-8453,7.8,0.95061,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-10-10 13:29:02.557,EPSS/CISA/Metasploit +CVE-2018-8453,7.8,0.94747,"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ""Win32k Elevation of Privilege Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows 
Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-10-10 13:29:02.557,CISA/Metasploit CVE-2018-8466,0.0,0.95475,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.",2018-09-13 00:29:06.507,EPSS CVE-2018-8467,0.0,0.95475,"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ""Chakra Scripting Engine Memory Corruption Vulnerability."" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.",2018-09-13 00:29:06.613,EPSS CVE-2018-8544,0.0,0.95283,"A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ""Windows VBScript Engine Remote Code Execution Vulnerability."" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.",2018-11-14 01:29:00.927,EPSS 
@@ -3204,7 +3202,7 @@ CVE-2019-1003005,8.8,0.00441,A sandbox bypass vulnerability exists in Jenkins Sc CVE-2019-1003029,9.9,0.00768,"A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.",2019-03-08 21:29:00.297,CISA/Metasploit CVE-2019-1003030,9.9,0.08978,"A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.",2019-03-08 21:29:00.343,CISA CVE-2019-10068,9.8,0.97238,"An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.",2019-03-26 18:29:00.403,EPSS/CISA/Metasploit/Nuclei -CVE-2019-10092,6.1,0.0625,"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. 
This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",2019-09-26 16:15:10.613,Nuclei +CVE-2019-10092,6.1,0.06408,"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",2019-09-26 16:15:10.613,Nuclei CVE-2019-10098,6.1,0.16675,"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",2019-09-25 17:15:10.353,Nuclei CVE-2019-1010287,0.0,0.00129,"Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a ""redirect"" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.",2019-07-17 21:15:11.093,Nuclei CVE-2019-1010290,0.0,0.00215,"Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a ""newurl"" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.",2019-07-16 14:15:11.903,Nuclei 
@@ -3222,7 +3220,7 @@ CVE-2019-10692,9.8,0.97058,"In the wp-google-maps plugin before 7.11.18 for Word CVE-2019-10717,0.0,0.0048,BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.,2019-07-03 16:15:10.770,Nuclei CVE-2019-10758,9.9,0.97448,mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.,2019-12-24 22:15:11.183,EPSS/CISA/Nuclei CVE-2019-10867,0.0,0.86043,"An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.",2019-04-04 18:29:00.713,Metasploit -CVE-2019-11013,0.0,0.04187,Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.,2019-08-22 15:15:12.093,Nuclei +CVE-2019-11013,0.0,0.05811,Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.,2019-08-22 15:15:12.093,Nuclei CVE-2019-11043,9.8,0.97217,"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.",2019-10-28 15:15:13.863,EPSS/CISA/Metasploit CVE-2019-11231,0.0,0.52547,"An issue was discovered in GetSimple CMS through 3.3.15. 
insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If a someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. The vulnerability exists in the admin/theme-edit.php file. This file checks for forms submissions via POST requests, and for the csrf nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web accessible and executable files with arbitrary content.",2019-05-22 18:29:00.490,Metasploit CVE-2019-11248,8.2,0.6282,"The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. 
This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.",2019-08-29 01:15:11.367,Nuclei 
@@ -3320,7 +3318,7 @@ CVE-2019-15976,9.8,0.96661,"Multiple vulnerabilities in the authentication mecha CVE-2019-15977,7.5,0.96652,"Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",2020-01-06 08:15:10.893,EPSS CVE-2019-16057,9.8,0.97559,The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.,2019-09-16 12:15:10.910,EPSS/CISA/Nuclei CVE-2019-16097,6.5,0.96556,"core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.",2019-09-08 16:15:11.820,EPSS/Nuclei -CVE-2019-16113,8.8,0.91974,"Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.",2019-09-08 21:15:10.617,Metasploit +CVE-2019-16113,8.8,0.90258,"Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.",2019-09-08 21:15:10.617,Metasploit CVE-2019-16119,9.8,0.9537,SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.,2019-09-08 23:15:10.203,EPSS CVE-2019-16123,7.5,0.61253,"In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ 
Local File Disclosure.",2019-09-09 02:15:10.267,Nuclei CVE-2019-1620,9.8,0.51728,"A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.",2019-06-27 03:15:09.480,Metasploit 
@@ -3368,7 +3366,7 @@ CVE-2019-18665,7.5,0.06891,The Log module in SECUDOS DOMOS before 5.6 allows loc CVE-2019-18818,9.8,0.89135,strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.,2019-11-07 22:15:10.570,Nuclei CVE-2019-18922,7.5,0.1773,A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.,2019-11-29 19:15:11.980,Nuclei CVE-2019-18935,9.8,0.90557,"Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)",2019-12-11 13:15:11.767,CISA/Metasploit -CVE-2019-18957,6.1,0.00375,Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.,2019-11-14 14:15:11.803,Nuclei +CVE-2019-18957,6.1,0.00264,Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.,2019-11-14 14:15:11.803,Nuclei CVE-2019-1898,5.3,0.04827,"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. 
A successful exploit could allow the attacker to access the information contained in the file.",2019-06-20 03:15:12.433,Nuclei CVE-2019-18988,7.0,0.00358,"TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system.",2020-02-07 16:15:10.033,CISA/Metasploit CVE-2019-19134,6.1,0.00184,The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks.,2020-02-26 15:15:11.617,Nuclei 
@@ -3504,7 +3502,7 @@ CVE-2019-9978,6.1,0.96566,"The social-warfare plugin before 3.5.3 for WordPress CVE-2020-0041,7.8,0.00081,"In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel",2020-03-10 20:15:21.383,CISA CVE-2020-0069,7.8,0.00145,"In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754",2020-03-10 20:15:21.947,CISA CVE-2020-0601,8.1,0.96964,"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.",2020-01-14 23:15:30.207,EPSS/CISA -CVE-2020-0618,8.8,0.97335,"A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.",2020-02-11 22:15:13.400,EPSS/CISA/Metasploit/Nuclei +CVE-2020-0618,8.8,0.97323,"A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.",2020-02-11 22:15:13.400,EPSS/CISA/Metasploit/Nuclei 
CVE-2020-0638,7.8,0.00069,"An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.",2020-01-14 23:15:32.503,CISA CVE-2020-0646,9.8,0.97418,"A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.",2020-01-14 23:15:33.143,EPSS/CISA/Metasploit CVE-2020-0668,7.8,0.00836,"An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.",2020-02-11 22:15:14.430,Metasploit 
@@ -3641,7 +3639,7 @@ CVE-2020-1464,7.8,0.26303,"A spoofing vulnerability exists when Windows incorrec In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. ",2020-08-17 19:15:14.867,CISA -CVE-2020-14644,9.8,0.04636,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-07-15 18:15:29.457,CISA +CVE-2020-14644,9.8,0.24285,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-07-15 18:15:29.457,CISA CVE-2020-1472,5.5,0.42199,"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. 
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. 
@@ -3713,7 +3711,7 @@ CVE-2020-1956,8.8,0.96879,"Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0. CVE-2020-19625,9.8,0.82447,"Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.",2021-03-26 15:15:12.130,Nuclei CVE-2020-2021,10.0,0.00451,"When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. 
In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.",2020-06-29 15:15:12.733,CISA CVE-2020-20285,5.4,0.00186,There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php,2020-12-18 19:15:14.157,Nuclei -CVE-2020-20300,9.8,0.14623,SQL injection vulnerability in the wp_where function in WeiPHP 5.0.,2020-12-18 19:15:14.297,Nuclei +CVE-2020-20300,9.8,0.0986,SQL injection vulnerability in the wp_where function in WeiPHP 5.0.,2020-12-18 19:15:14.297,Nuclei CVE-2020-2036,8.8,0.03113,A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. 
This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.,2020-09-09 17:15:25.587,Nuclei CVE-2020-2038,7.2,0.90008,An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.,2020-09-09 17:15:25.760,Metasploit CVE-2020-2096,6.1,0.9687,"Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.",2020-01-15 16:15:14.853,EPSS/Nuclei 
@@ -3735,7 +3733,7 @@ CVE-2020-23972,7.5,0.59528,"In Joomla Component GMapFP Version J3.5 and J3.5free CVE-2020-24148,9.1,0.21329,Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.,2021-07-07 14:15:09.853,Nuclei CVE-2020-24186,10.0,0.97483,"A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.",2020-08-24 14:15:12.143,EPSS/Metasploit/Nuclei CVE-2020-24223,6.1,0.01247,Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.,2020-08-30 18:15:10.753,Nuclei -CVE-2020-24312,7.5,0.02043,"mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.",2020-08-26 13:15:10.860,Nuclei +CVE-2020-24312,7.5,0.01697,"mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken.",2020-08-26 13:15:10.860,Nuclei CVE-2020-24391,9.8,0.47889,mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. 
NOTE: this may overlap CVE-2019-10769.,2021-03-30 21:15:13.890,Nuclei CVE-2020-24550,6.1,0.00144,"An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.",2021-03-31 22:15:14.307,Nuclei CVE-2020-24557,7.8,0.00088,"A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.",2020-09-01 19:15:11.870,CISA 
@@ -3801,11 +3799,11 @@ CVE-2020-28653,9.8,0.63712,Zoho ManageEngine OpManager Stable build before 12520 CVE-2020-2883,9.8,0.97425,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2020-04-15 14:15:33.513,EPSS/Metasploit CVE-2020-28871,9.8,0.96788,Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.,2021-02-10 01:15:14.627,EPSS/Metasploit/Nuclei CVE-2020-28949,7.8,0.93455,"Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.",2020-11-19 19:15:11.937,CISA/Metasploit -CVE-2020-28976,5.3,0.00616,The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.,2020-11-30 14:15:11.160,Nuclei +CVE-2020-28976,5.3,0.00736,The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. 
It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.,2020-11-30 14:15:11.160,Nuclei CVE-2020-29164,6.1,0.00205,PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).,2021-02-03 13:15:13.107,Nuclei CVE-2020-29227,9.8,0.01244,"An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the ""page"" parameter, to cause local file inclusion resulting in code execution.",2020-12-14 14:15:10.713,Nuclei CVE-2020-29390,9.8,0.95575,Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.,2020-11-30 18:15:11.610,EPSS -CVE-2020-29395,6.1,0.04394,The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.,2020-11-30 20:15:11.807,Nuclei +CVE-2020-29395,6.1,0.07631,The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.,2020-11-30 20:15:11.807,Nuclei CVE-2020-29453,5.3,0.01399,"The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.",2021-02-22 21:15:19.553,Nuclei CVE-2020-29557,9.8,0.07642,An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.,2021-01-29 20:15:12.933,CISA CVE-2020-29583,9.8,0.96319,Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. 
The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges.,2020-12-22 22:15:14.443,EPSS/CISA/Nuclei 
@@ -3924,7 +3922,7 @@ CVE-2020-8243,7.2,0.00486,A vulnerability in the Pulse Connect Secure < 9.1R8.2 CVE-2020-8260,7.2,0.03534,A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.,2020-10-28 13:15:13.027,CISA/Metasploit CVE-2020-8467,8.8,0.02721,A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.,2020-03-18 01:15:11.927,CISA CVE-2020-8468,8.8,0.00452,"Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.",2020-03-18 01:15:12.003,CISA -CVE-2020-8497,5.3,0.00284,"In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.",2020-03-23 15:15:14.830,Nuclei +CVE-2020-8497,5.3,0.00217,"In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.",2020-03-23 15:15:14.830,Nuclei CVE-2020-8512,6.1,0.0078,"In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.",2020-02-01 00:15:10.773,Nuclei CVE-2020-8515,9.8,0.97276,"DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. 
This issue has been fixed in Vigor3900/2960/300B v1.5.1.",2020-02-01 13:15:12.623,EPSS/CISA/Nuclei CVE-2020-8518,9.8,0.96488,"Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.",2020-02-17 15:15:11.853,EPSS/Metasploit 
@@ -4005,7 +4003,7 @@ CVE-2021-20092,7.5,0.01598,The web interfaces of Buffalo WSR-2533DHPL2 firmware CVE-2021-20114,7.5,0.00818,"When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.",2021-07-30 14:15:14.370,Nuclei CVE-2021-20123,7.5,0.49447,A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.,2021-10-13 16:15:07.350,CISA/Nuclei CVE-2021-20124,7.5,0.49184,A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.,2021-10-13 16:15:07.397,CISA/Nuclei -CVE-2021-20137,6.1,0.23633,"A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.",2021-12-09 16:15:07.753,Nuclei +CVE-2021-20137,6.1,0.27645,"A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. 
An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.",2021-12-09 16:15:07.753,Nuclei CVE-2021-20150,5.3,0.11834,Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.,2021-12-30 22:15:08.623,Nuclei CVE-2021-20158,9.8,0.01406,"Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.",2021-12-30 22:15:08.990,Nuclei CVE-2021-20167,8.0,0.94822,Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.,2021-12-30 22:15:09.457,Nuclei 
@@ -4143,7 +4141,7 @@ CVE-2021-24762,9.8,0.24804,"The Perfect Survey WordPress plugin before 1.5.2 doe CVE-2021-24791,7.2,0.25143,"The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the ""orderby"" and ""order"" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections",2021-11-08 18:15:09.867,Nuclei CVE-2021-24827,9.8,0.11853,"The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue",2021-11-08 18:15:10.187,Nuclei CVE-2021-24838,6.1,0.00111,"The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.",2022-01-17 13:15:07.577,Nuclei -CVE-2021-24849,9.8,0.02924,"The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections",2021-12-21 09:15:07.090,Nuclei +CVE-2021-24849,9.8,0.02189,"The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections",2021-12-21 09:15:07.090,Nuclei CVE-2021-24862,7.2,0.76495,"The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue",2022-01-10 16:15:08.677,Metasploit/Nuclei CVE-2021-24875,6.1,0.00127,"The eCommerce Product Catalog Plugin for 
WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue",2021-11-23 20:15:10.140,Nuclei CVE-2021-24891,6.1,0.00123,"The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.",2021-11-23 20:15:10.397,Nuclei 
@@ -4313,7 +4311,7 @@ CVE-2021-30883,7.8,0.00222,"A memory corruption issue was addressed with improve CVE-2021-30900,7.8,0.00238,"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.",2021-08-24 19:15:18.083,CISA CVE-2021-30983,7.8,0.00138,A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.,2021-08-24 19:15:23.507,CISA CVE-2021-31010,7.5,0.00372,"A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..",2021-08-24 19:15:24.967,CISA -CVE-2021-3110,9.8,0.83896,The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.,2021-01-20 13:15:13.033,Nuclei +CVE-2021-3110,9.8,0.83889,The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.,2021-01-20 13:15:13.033,Nuclei CVE-2021-31166,9.8,0.97159,HTTP Protocol Stack Remote Code Execution Vulnerability,2021-05-11 19:15:09.300,EPSS/CISA/Metasploit CVE-2021-31181,8.8,0.34041,Microsoft SharePoint Remote Code Execution Vulnerability,2021-05-11 19:15:09.837,Metasploit CVE-2021-31195,6.5,0.91597,Microsoft Exchange Server Remote Code Execution Vulnerability,2021-05-11 19:15:10.227,Nuclei 
@@ -4496,7 +4494,7 @@ CVE-2021-40149,5.9,0.0369,The web server of the E1 Zoom camera through 3.0.0.716 CVE-2021-40150,7.5,0.01019,The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.,2022-07-17 23:15:08.347,Nuclei CVE-2021-40323,9.8,0.0479,"Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",2021-10-04 06:15:07.187,Nuclei CVE-2021-4034,7.8,0.00122,A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.,2022-01-28 20:15:12.193,CISA/Metasploit -CVE-2021-40438,9.0,0.9678,A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.,2021-09-16 15:15:07.633,EPSS/CISA/Nuclei +CVE-2021-40438,9.0,0.967,A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.,2021-09-16 15:15:07.633,EPSS/CISA/Nuclei CVE-2021-40444,8.8,0.97097,"

Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.

@@ -4517,7 +4515,7 @@ CVE-2021-40859,9.8,0.03265,"Backdoors were discovered in Auerswald COMpact 5500R CVE-2021-40868,6.1,0.00532,"In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.",2021-09-21 17:15:09.947,Nuclei CVE-2021-40870,9.8,0.93851,"An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.",2021-09-13 08:15:13.913,CISA/Nuclei CVE-2021-40875,7.5,0.43581,"Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.",2021-09-22 15:15:09.677,Nuclei -CVE-2021-40960,9.8,0.02468,Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.,2021-10-01 14:15:08.577,Nuclei +CVE-2021-40960,9.8,0.03457,Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.,2021-10-01 14:15:08.577,Nuclei CVE-2021-40968,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.,2021-10-01 16:15:07.610,Nuclei CVE-2021-40969,6.1,0.00141,Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.,2021-10-01 16:15:07.653,Nuclei CVE-2021-40970,6.1,0.00141,Cross-site scripting 
(XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.,2021-10-01 16:15:07.697,Nuclei 
@@ -4538,11 +4536,11 @@ CVE-2021-41357,7.8,0.00073,Win32k Elevation of Privilege Vulnerability,2021-10-1 CVE-2021-41379,5.5,0.00319,Windows Installer Elevation of Privilege Vulnerability,2021-11-10 01:19:32.127,CISA CVE-2021-41381,7.5,0.34983,Payara Micro Community 5.2021.6 and below allows Directory Traversal.,2021-09-23 15:15:08.100,Nuclei CVE-2021-41432,5.4,0.00067,A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.,2022-06-23 17:15:11.600,Nuclei -CVE-2021-41460,7.5,0.00965,"ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.",2022-06-28 13:15:10.030,Nuclei +CVE-2021-41460,7.5,0.01932,"ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.",2022-06-28 13:15:10.030,Nuclei CVE-2021-41467,6.1,0.0012,Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.,2021-10-01 16:15:08.140,Nuclei CVE-2021-41569,7.5,0.00968,"SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.",2021-11-19 18:15:09.677,Nuclei -CVE-2021-41648,7.5,0.07187,An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. 
Using a post request does not sanitize the user input.,2021-10-01 14:15:08.627,Nuclei -CVE-2021-41649,9.8,0.06405,An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.,2021-10-01 14:15:08.673,Nuclei +CVE-2021-41648,7.5,0.09432,An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.,2021-10-01 14:15:08.627,Nuclei +CVE-2021-41649,9.8,0.07185,An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.,2021-10-01 14:15:08.673,Nuclei CVE-2021-41653,9.8,0.94717,The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.,2021-11-13 15:15:08.110,Nuclei CVE-2021-41749,9.8,0.46329,"In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.",2022-06-12 11:15:07.663,Nuclei CVE-2021-41773,7.5,0.97477,"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration ""require all denied"", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. 
The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.",2021-10-05 09:15:07.593,EPSS/CISA/Nuclei 
@@ -4632,7 +4630,7 @@ CVE-2021-46107,7.5,0.01419,Ligeo Archives Ligeo Basics as of 02_01-2022 is vulne CVE-2021-46379,6.1,0.00437,DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.,2022-03-04 16:15:09.383,Nuclei CVE-2021-46381,7.5,0.02555,Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].,2022-03-04 16:15:09.987,Nuclei CVE-2021-46387,6.1,0.12221,"ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.",2022-03-01 15:15:07.887,Nuclei -CVE-2021-46417,7.5,0.6049,Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.,2022-04-07 11:15:10.183,Nuclei +CVE-2021-46417,7.5,0.57417,Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.,2022-04-07 11:15:10.183,Nuclei CVE-2021-46418,7.5,0.06941,An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.,2022-04-07 12:15:07.780,Nuclei CVE-2021-46419,9.1,0.35419,An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.,2022-04-07 12:15:07.837,Nuclei CVE-2021-46422,9.8,0.95987,Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.,2022-04-27 13:15:09.173,EPSS/Nuclei 
@@ -4791,8 +4789,8 @@ CVE-2022-20821,6.5,0.00367,"A vulnerability in the health check RPM of Cisco IOS CVE-2022-20828,7.2,0.10892,"A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA.",2022-06-24 16:15:08.523,Metasploit CVE-2022-21371,7.5,0.96449,"Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",2022-01-19 12:15:16.047,EPSS/Nuclei CVE-2022-2143,9.8,0.20431,"The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.",2022-07-22 15:15:08.463,Metasploit -CVE-2022-21445,9.8,0.00705,"Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2022-04-19 21:15:15.907,CISA -CVE-2022-21500,7.5,0.93654,"Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered.

Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",2022-05-20 00:15:07.793,Nuclei +CVE-2022-21445,9.8,0.07863,"Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2022-04-19 21:15:15.907,CISA +CVE-2022-21500,7.5,0.94271,"Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered.

Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",2022-05-20 00:15:07.793,Nuclei CVE-2022-21587,9.8,0.97034,"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",2022-10-18 21:15:10.960,EPSS/CISA/Metasploit/Nuclei CVE-2022-21661,7.5,0.92177,"WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.",2022-01-06 23:15:07.933,Nuclei CVE-2022-21705,7.2,0.00522,"Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. 
To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.",2022-02-23 19:15:08.583,Nuclei 
@@ -4871,9 +4869,9 @@ CVE-2022-24266,7.5,0.05297,Cuppa CMS v1.0 was discovered to contain a SQL inject CVE-2022-24288,8.8,0.94867,"In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.",2022-02-25 09:15:06.957,Nuclei CVE-2022-24384,6.1,0.00084,Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.,2022-03-14 13:15:07.770,Nuclei CVE-2022-24521,7.8,0.00044,Windows Common Log File System Driver Elevation of Privilege Vulnerability,2022-04-15 19:15:11.107,CISA -CVE-2022-2462,5.3,0.04904,"The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.",2022-09-06 18:15:13.950,Nuclei +CVE-2022-2462,5.3,0.12577,"The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.",2022-09-06 18:15:13.950,Nuclei CVE-2022-24627,9.8,0.01652,An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. 
It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.,2023-05-29 21:15:09.423,Nuclei -CVE-2022-24637,9.8,0.84852,"Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ' leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.",2023-01-27 11:15:12.240,Nuclei -CVE-2023-0552,5.4,0.00079,"The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability",2023-02-27 16:15:12.610,Nuclei +CVE-2023-0552,5.4,0.00069,"The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability",2023-02-27 16:15:12.610,Nuclei CVE-2023-0562,9.8,0.30013,A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.,2023-01-28 23:15:08.810,Nuclei CVE-2023-0563,4.8,0.00669,A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 
The identifier VDB-219717 was assigned to this vulnerability.,2023-01-28 23:15:08.897,Nuclei CVE-2023-0600,9.8,0.04363,"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.",2023-05-15 13:15:09.867,Nuclei 
@@ -5418,7 +5416,7 @@ CVE-2023-22480,9.8,0.24702,"KubeOperator is an open source Kubernetes distributi CVE-2023-22515,9.8,0.97316,"Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. ",2023-10-04 14:15:10.440,EPSS/CISA/Nuclei -CVE-2023-22518,9.8,0.9618,"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  +CVE-2023-22518,9.8,0.95787,"All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  Atlassian Cloud sites are not affected by this vulnerability. 
If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.",2023-10-31 15:15:08.573,EPSS/CISA/Metasploit/Nuclei CVE-2023-2252,2.7,0.00103,The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.,2024-01-16 16:15:10.773,Nuclei 
@@ -5441,7 +5439,7 @@ CVE-2023-23488,9.8,0.11578,"The Paid Memberships Pro WordPress Plugin, version < CVE-2023-23489,9.8,0.1085,"The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.",2023-01-20 18:15:10.530,Nuclei CVE-2023-23491,6.1,0.00106,"The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.",2023-01-20 19:15:18.493,Nuclei CVE-2023-23492,8.8,0.05948,"The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.",2023-01-20 19:15:18.543,Nuclei -CVE-2023-23529,8.8,0.002,"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-02-27 20:15:14.710,CISA +CVE-2023-23529,8.8,0.00179,"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",2023-02-27 20:15:14.710,CISA CVE-2023-2356,7.5,0.01247,Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.,2023-04-28 00:15:08.890,Nuclei CVE-2023-23752,5.3,0.95146,An issue was discovered in Joomla! 4.0.0 through 4.2.7. 
An improper access check allows unauthorized access to webservice endpoints.,2023-02-16 17:15:10.603,EPSS/CISA/Metasploit/Nuclei CVE-2023-24044,6.1,0.00185,"A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is ""the ability to use arbitrary domain names to access the panel is an intended feature.""",2023-01-22 03:15:09.967,Nuclei 
@@ -5603,8 +5601,8 @@ CVE-2023-31446,9.8,0.01604,"In Cassia Gateway firmware XC1000_2.1.1.2303082218 a CVE-2023-31465,9.8,0.01785,"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.",2023-07-26 20:15:12.500,Nuclei CVE-2023-31548,5.4,0.00098,A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.,2023-05-31 14:15:10.187,Nuclei CVE-2023-3188,6.5,0.00138,Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0.,2023-06-10 02:15:09.157,Nuclei -CVE-2023-32046,7.8,0.00187,Windows MSHTML Platform Elevation of Privilege Vulnerability,2023-07-11 18:15:13.313,CISA -CVE-2023-32049,8.8,0.0216,Windows SmartScreen Security Feature Bypass Vulnerability,2023-07-11 18:15:13.430,CISA +CVE-2023-32046,7.8,0.00223,Windows MSHTML Platform Elevation of Privilege Vulnerability,2023-07-11 18:15:13.313,CISA +CVE-2023-32049,8.8,0.02097,Windows SmartScreen Security Feature Bypass Vulnerability,2023-07-11 18:15:13.430,CISA CVE-2023-32068,6.1,0.29955,"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1 but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like `http:example.com` in the parameter would allow the redirect. 
The issue has now been patched against all patterns that are known for performing redirects. This issue has been patched in XWiki 14.10.4 and 15.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2023-05-15 21:15:09.367,Nuclei CVE-2023-32077,7.5,0.12921,"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.",2023-08-24 22:15:08.077,Nuclei CVE-2023-3219,5.3,0.11264,"The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.",2023-07-10 16:15:55.250,Nuclei 
@@ -5716,7 +5714,7 @@ CVE-2023-35162,6.1,0.5005,"XWiki Platform is a generic wiki platform offering ru CVE-2023-3519,9.8,0.96591,"Unauthenticated remote code execution ",2023-07-19 18:15:11.513,EPSS/CISA/Metasploit CVE-2023-3521,6.1,0.0014,Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4.,2023-07-06 02:15:09.510,Nuclei -CVE-2023-35311,7.5,0.57838,Microsoft Outlook Security Feature Bypass Vulnerability,2023-07-11 18:15:17.177,CISA +CVE-2023-35311,7.5,0.60316,Microsoft Outlook Security Feature Bypass Vulnerability,2023-07-11 18:15:17.177,CISA CVE-2023-35674,7.8,0.00064,"In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",2023-09-11 21:15:42.193,CISA CVE-2023-35813,9.8,0.73593,"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.",2023-06-17 23:15:09.137,Nuclei CVE-2023-35843,7.5,0.06574,"NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.",2023-06-19 18:15:09.830,Nuclei 
@@ -5997,7 +5995,7 @@ versions prior to ",2023-09-27 15:18:54.877,CISA -CVE-2023-36874,7.8,0.04776,Windows Error Reporting Service Elevation of Privilege Vulnerability,2023-07-11 18:15:20.733,CISA/Metasploit +CVE-2023-36874,7.8,0.03457,Windows Error Reporting Service Elevation of Privilege Vulnerability,2023-07-11 18:15:20.733,CISA/Metasploit CVE-2023-36884,7.5,0.06769,Windows Search Remote Code Execution Vulnerability,2023-07-11 19:15:09.623,CISA CVE-2023-36934,9.1,0.1153,"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.",2023-07-05 16:15:09.793,Nuclei CVE-2023-3710,9.8,0.79743,"Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). 
@@ -6107,13 +6105,13 @@ CVE-2023-41538,6.1,0.00138,phpjabbers PHP Forum Script 3.0 is vulnerable to Cros CVE-2023-41597,6.1,0.00147,EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.,2023-11-15 06:15:27.893,Nuclei CVE-2023-41599,5.3,0.00101,An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.,2023-09-19 02:15:58.607,Nuclei CVE-2023-41621,6.1,0.00071,A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php.,2023-12-13 23:15:07.217,Nuclei -CVE-2023-41642,6.1,0.00097,Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.,2023-08-31 14:15:09.033,Nuclei +CVE-2023-41642,6.1,0.001,Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.,2023-08-31 14:15:09.033,Nuclei CVE-2023-4168,7.5,0.13627,A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-05 18:15:09.563,Nuclei CVE-2023-4169,8.8,0.00925,A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. 
Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-08-05 18:15:17.850,Nuclei CVE-2023-4173,6.1,0.00266,"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.",2023-08-06 00:15:10.103,Nuclei CVE-2023-4174,6.1,0.0047,A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.,2023-08-06 01:15:08.820,Nuclei CVE-2023-41763,5.3,0.61843,Skype for Business Elevation of Privilege Vulnerability,2023-10-10 18:15:18.150,CISA/Nuclei -CVE-2023-41892,9.8,0.87437,"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.",2023-09-13 20:15:08.187,Metasploit/Nuclei +CVE-2023-41892,9.8,0.89525,"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. 
This issue has been fixed in Craft CMS 4.4.15.",2023-09-13 20:15:08.187,Metasploit/Nuclei CVE-2023-41990,7.8,0.00073,"The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.",2023-09-12 00:15:09.463,CISA CVE-2023-41991,5.5,0.01447,"A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",2023-09-21 19:15:11.283,CISA CVE-2023-41992,7.8,0.00062,"The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",2023-09-21 19:15:11.520,CISA 
@@ -6137,7 +6135,7 @@ CVE-2023-43325,6.1,0.37632,A reflected cross-site scripting (XSS) vulnerability CVE-2023-43326,6.1,0.02034,A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL.,2023-09-25 22:15:10.943,Nuclei CVE-2023-43374,9.8,0.00876,Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.,2023-09-20 19:15:12.350,Nuclei CVE-2023-43472,7.5,0.01358,An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.,2023-12-05 07:15:07.667,Nuclei -CVE-2023-43654,9.8,0.00173,"TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.",2023-09-28 23:15:09.627,Metasploit/Nuclei +CVE-2023-43654,9.8,0.13299,"TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. 
This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue.",2023-09-28 23:15:09.627,Metasploit/Nuclei CVE-2023-43662,8.6,0.03585,"ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. 
This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191.",2023-09-28 22:15:10.270,Nuclei CVE-2023-43770,6.1,0.16561,"Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.",2023-09-22 06:15:10.090,CISA CVE-2023-43795,9.8,0.28896,GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.,2023-10-25 18:17:32.180,Nuclei 
@@ -6161,7 +6159,7 @@ CVE-2023-45498,9.8,0.00297,"VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, an CVE-2023-45499,9.8,0.00137,"VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.",2023-10-27 04:15:10.617,Metasploit CVE-2023-45542,6.1,0.00121,Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function.,2023-10-16 21:15:11.517,Nuclei CVE-2023-45671,4.7,0.01035,"Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.",2023-10-30 23:15:08.620,Nuclei -CVE-2023-4568,6.5,0.01243,"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. 
Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.",2023-09-13 21:15:07.807,Nuclei +CVE-2023-4568,6.5,0.01335,"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.",2023-09-13 21:15:07.807,Nuclei CVE-2023-45852,9.8,0.03797,"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.",2023-10-14 02:15:09.270,Nuclei CVE-2023-45855,7.5,0.00586,qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.,2023-10-14 05:15:55.313,Nuclei CVE-2023-4596,9.8,0.11527,"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",2023-08-30 02:15:09.353,Nuclei 
@@ -6202,7 +6200,7 @@ CVE-2023-47115,5.4,0.02378,"Label Studio is an a popular open source data labeli The file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django's built-in `serve` view, which is not secure for production use according to Django's documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed. Version 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django's `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs.",2024-01-23 23:15:08.100,Nuclei -CVE-2023-47117,7.5,0.12952,"Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. 
This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2023-11-13 21:15:08.317,Nuclei +CVE-2023-47117,7.5,0.11943,"Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2023-11-13 21:15:08.317,Nuclei CVE-2023-4714,7.5,0.72,A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-09-01 20:15:08.890,Nuclei CVE-2023-47211,8.6,0.00085,A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. 
An attacker can send a malicious MiB file to trigger this vulnerability.,2024-01-08 15:15:25.287,Nuclei CVE-2023-47218,5.8,0.00361,"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. 
@@ -6304,7 +6302,7 @@ CVE-2023-5217,8.8,0.30608,Heap buffer overflow in vp8 encoding in libvpx in Goog CVE-2023-5222,9.8,0.17892,A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,2023-09-27 15:19:43.387,Nuclei CVE-2023-52251,8.8,0.94548,An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.,2024-01-25 21:15:08.787,Metasploit/Nuclei CVE-2023-5244,6.1,0.0018,Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.,2023-09-28 01:15:09.060,Nuclei -CVE-2023-5360,9.8,0.90278,"The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.",2023-10-31 14:15:12.773,Metasploit/Nuclei +CVE-2023-5360,9.8,0.78732,"The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.",2023-10-31 14:15:12.773,Metasploit/Nuclei CVE-2023-5375,6.1,0.00102,Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.,2023-10-04 09:15:31.980,Nuclei CVE-2023-5556,6.1,0.00078,Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.,2023-10-12 11:15:23.873,Nuclei CVE-2023-5612,5.3,0.00463,"An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 
16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.",2024-01-26 02:15:07.357,Metasploit 
@@ -6333,7 +6331,7 @@ CVE-2023-6038,7.5,0.07263,"A Local File Inclusion (LFI) vulnerability exists in CVE-2023-6063,7.5,0.12685,"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.",2023-12-04 22:15:08.337,Nuclei CVE-2023-6065,5.3,0.00108,"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code",2023-12-18 20:15:08.750,Nuclei CVE-2023-6114,7.5,0.01146,"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.",2023-12-26 19:15:08.260,Nuclei -CVE-2023-6275,6.1,0.00075,"A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input ""> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104.",2023-11-24 15:15:07.783,Nuclei +CVE-2023-6275,6.1,0.002,"A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. 
Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input ""> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-246104.",2023-11-24 15:15:07.783,Nuclei CVE-2023-6329,9.8,0.61326,"An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a ""passwordCustom"" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.",2023-11-27 17:15:09.860,Metasploit/Nuclei CVE-2023-6345,9.6,0.09932,Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High),2023-11-29 12:15:07.077,CISA CVE-2023-6360,9.8,0.007,"The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.",2023-11-30 16:15:11.820,Nuclei 
@@ -6353,7 +6351,7 @@ CVE-2023-6623,9.8,0.09891,"The Essential Blocks WordPress plugin before 4.4.3 do CVE-2023-6634,9.8,0.39982,"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.",2024-01-11 09:15:50.437,Nuclei CVE-2023-6831,8.1,0.00425,Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.,2023-12-15 01:15:08.140,Nuclei CVE-2023-6875,9.8,0.03491,"The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.",2024-01-11 09:15:52.773,Nuclei -CVE-2023-6895,9.8,0.92116,A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.,2023-12-17 08:15:07.173,Nuclei +CVE-2023-6895,9.8,0.92733,A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. 
This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.,2023-12-17 08:15:07.173,Nuclei CVE-2023-6909,7.5,0.00546,Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.,2023-12-18 04:15:52.367,Nuclei CVE-2023-6977,7.5,0.00546,This vulnerability enables malicious users to read sensitive files on the server.,2023-12-20 06:15:45.907,Nuclei CVE-2023-6989,9.8,0.24154,"The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.",2024-02-05 22:15:58.603,Nuclei 
@@ -6396,7 +6394,7 @@ CVE-2024-1212,10.0,0.00253,"Unauthenticated remote attackers can access the syst ",2024-02-21 18:15:50.417,Metasploit/Nuclei CVE-2024-1380,5.3,0.00053,"The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.",2024-03-13 16:15:20.903,Nuclei CVE-2024-1512,9.8,0.00054,"The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-02-17 08:15:08.093,Nuclei -CVE-2024-1561,0.0,0.00087,"An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. 
Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.",2024-04-16 00:15:08.887,Nuclei +CVE-2024-1561,0.0,0.00074,"An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.",2024-04-16 00:15:08.887,Nuclei CVE-2024-1698,9.8,0.00074,"The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-02-27 06:15:46.140,Nuclei CVE-2024-1708,8.4,0.00049,"ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker 
@@ -6469,7 +6467,7 @@ IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11. ",2024-02-02 03:15:10.573,Nuclei CVE-2024-22320,8.8,0.4422,"IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.",2024-02-02 03:15:10.780,Nuclei CVE-2024-22729,9.8,0.01483,NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.,2024-01-25 15:15:08.133,Metasploit -CVE-2024-22927,6.1,0.09212,Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.,2024-02-01 23:15:10.960,Nuclei +CVE-2024-22927,6.1,0.12349,Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.,2024-02-01 23:15:10.960,Nuclei CVE-2024-23222,8.8,0.00111,"A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.",2024-01-23 01:15:11.500,CISA CVE-2024-23225,7.8,0.00207,"A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.",2024-03-05 20:16:01.370,CISA CVE-2024-23296,7.8,0.00207,A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. 
An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.,2024-03-05 20:16:01.553,CISA @@ -6500,7 +6498,7 @@ CVE-2024-26331,7.5,0.00053,"ReCrystallize Server 5.10.0.0 uses a authorization m CVE-2024-27198,9.8,0.96926,In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible,2024-03-04 18:15:09.040,EPSS/CISA/Metasploit/Nuclei CVE-2024-27199,7.3,0.00896,In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible,2024-03-04 18:15:09.377,Nuclei CVE-2024-27292,7.5,0.00053,Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.,2024-03-21 02:52:19.560,Nuclei -CVE-2024-27348,9.8,0.0021,"RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 +CVE-2024-27348,9.8,0.00894,"RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. 
@@ -6514,7 +6512,7 @@ CVE-2024-27956,9.9,0.0005,"Improper Neutralization of Special Elements used in a ",2024-03-21 17:15:08.437,Nuclei CVE-2024-28254,8.8,0.00046,"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `‎AlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/` endpoint passes user-controlled data `AlertUtil::validateExpession` allowing authenticated (non-admin) users to execute arbitrary system commands on the underlaying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-235`. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.",2024-03-15 20:15:10.057,Metasploit CVE-2024-28255,9.8,0.00065,"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. 
Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.",2024-03-15 20:15:10.270,Metasploit/Nuclei -CVE-2024-28397,5.3,0.00043,An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.,2024-06-20 17:15:50.527,Nuclei +CVE-2024-28397,5.3,0.00054,An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.,2024-06-20 17:15:50.527,Nuclei CVE-2024-28734,6.1,0.00065,Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.,2024-03-19 14:15:07.687,Nuclei CVE-2024-28741,8.8,0.00163,Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.,2024-04-06 19:15:07.247,Metasploit CVE-2024-2876,9.8,0.00888,"The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, 
and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",2024-05-02 17:15:20.463,Nuclei 
@@ -6562,9 +6560,9 @@ Users are recommended to upgrade to version 0.95.0, which fixes the issue. ",2024-06-24 10:15:09.387,Nuclei CVE-2024-29889,7.1,0.00049,"GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.",2024-05-07 14:15:10.330,Nuclei CVE-2024-29895,10.0,0.00066,"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. 
Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.",2024-05-14 15:17:15.593,Nuclei -CVE-2024-29972,9.8,0.92775,"** UNSUPPORTED WHEN ASSIGNED ** +CVE-2024-29972,9.8,0.93,"** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program ""remote_help-cgi"" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.",2024-06-04 02:15:47.960,Nuclei -CVE-2024-29973,9.8,0.92775,"** UNSUPPORTED WHEN ASSIGNED ** +CVE-2024-29973,9.8,0.93,"** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.",2024-06-04 02:15:48.290,Nuclei CVE-2024-29988,8.8,0.00298,SmartScreen Prompt Security Feature Bypass Vulnerability,2024-04-09 17:16:01.830,CISA CVE-2024-30038,7.8,0.00112,Win32k Elevation of Privilege Vulnerability,2024-05-14 17:17:10.303,Metasploit 
@@ -6656,7 +6654,7 @@ This old bug became visible after the blamed commit, using UDP sockets.",2024-06 CVE-2024-36991,7.5,0.09787,"In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.",2024-07-01 17:15:07.860,Nuclei CVE-2024-37032,0.0,0.00066,"Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.",2024-05-31 04:15:09.617,Nuclei CVE-2024-37085,7.2,0.01412,VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.,2024-06-25 15:15:12.377,CISA -CVE-2024-37152,7.5,0.00054,"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.",2024-06-06 16:15:13.190,Nuclei +CVE-2024-37152,7.5,0.22439,"Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. 
This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17.",2024-06-06 16:15:13.190,Nuclei CVE-2024-37393,7.5,0.01301,"Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.",2024-06-10 20:15:15.293,Nuclei CVE-2024-3742,7.5,0.00054,Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.,2024-04-18 23:15:07.650,Nuclei CVE-2024-37843,9.8,0.69284,Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.,2024-06-25 21:15:59.770,Nuclei 
@@ -6726,12 +6724,12 @@ Users are recommended to upgrade to version 18.12.16, which fixes the issue.",20 CVE-2024-45241,7.5,0.00065,"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.",2024-08-26 07:15:04.273,Nuclei CVE-2024-45388,7.5,0.00066,"Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach any arbitrary files. This issue was found using the Uncontrolled data used in path expression CodeQL query for python. Users are advised to make sure the final path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)`) is contained within the expected base path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, ""/"")`). This issue is also tracked as GHSL-2023-274.",2024-09-02 18:15:38.063,Nuclei CVE-2024-4548,9.8,0.0029,"An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.",2024-05-06 14:15:08.533,Metasploit -CVE-2024-45507,9.8,0.00514,"Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. 
+CVE-2024-45507,9.8,0.55475,"Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.",2024-09-04 09:15:04.520,Nuclei -CVE-2024-45622,9.8,0.00043,ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.,2024-09-02 19:15:13.170,Nuclei +CVE-2024-45622,9.8,0.00049,ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.,2024-09-02 19:15:13.170,Nuclei CVE-2024-4577,9.8,0.9632,"In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use ""Best-Fit"" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",2024-06-09 20:15:09.550,EPSS/CISA/Metasploit/Nuclei CVE-2024-4610,7.8,0.15862,"Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.",2024-06-07 12:15:09.077,CISA CVE-2024-4671,9.6,0.001,Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High),2024-05-14 15:44:15.573,CISA 
@@ -6804,12 +6802,12 @@ CVE-2024-7593,9.8,0.93709,Incorrect implementation of an authentication algorith CVE-2024-7786,7.5,0.00053,"The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.",2024-09-04 06:15:17.600,Nuclei CVE-2024-7928,7.5,0.78308,"A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.",2024-08-19 22:15:06.203,Nuclei CVE-2024-7954,9.8,0.00157,"The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.",2024-08-23 18:15:07.677,Metasploit/Nuclei -CVE-2024-7965,8.8,0.00159,Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2024-08-21 21:15:08.947,CISA +CVE-2024-7965,8.8,0.25833,Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High),2024-08-21 21:15:08.947,CISA CVE-2024-7971,8.8,0.00159,Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. 
(Chromium security severity: High),2024-08-21 21:15:09.277,CISA CVE-2024-8181,8.1,0.00587,"An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.",2024-08-27 13:15:06.820,Nuclei CVE-2024-8190,7.2,0.15116,An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.,2024-09-10 21:15:14.697,CISA -CVE-2024-8503,9.8,0.00043,"An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.",2024-09-10 20:15:05.283,Nuclei -CVE-2024-8517,9.8,0.00157,"SPIP before 4.3.2, 4.2.16, and +CVE-2024-8503,9.8,0.00049,"An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.",2024-09-10 20:15:05.283,Nuclei +CVE-2024-8517,9.8,0.66301,"SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.",2024-09-06 16:15:03.793,Metasploit/Nuclei CVE-2024-8752,0.0,0.00053,The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.,2024-09-16 16:15:14.040,Nuclei diff --git a/secpatch.ipynb b/secpatch.ipynb index cc05d8d..6e38515 100644 --- a/secpatch.ipynb +++ b/secpatch.ipynb 
@@ -5,10 +5,10 @@ "execution_count": 1, "metadata": { "execution": { - "iopub.execute_input": "2024-09-19T06:25:34.464113Z", - "iopub.status.busy": "2024-09-19T06:25:34.463701Z", - "iopub.status.idle": "2024-09-19T06:25:35.424455Z", - "shell.execute_reply": "2024-09-19T06:25:35.423908Z" + "iopub.execute_input": "2024-09-19T12:34:26.868839Z", + "iopub.status.busy": "2024-09-19T12:34:26.868674Z", + "iopub.status.idle": "2024-09-19T12:34:27.884408Z", + "shell.execute_reply": "2024-09-19T12:34:27.883722Z" } }, "outputs": [], @@ -33,10 +33,10 @@ "execution_count": 2, "metadata": { "execution": { - "iopub.execute_input": "2024-09-19T06:25:35.426618Z", - "iopub.status.busy": "2024-09-19T06:25:35.426207Z", - "iopub.status.idle": "2024-09-19T06:25:35.436817Z", - "shell.execute_reply": "2024-09-19T06:25:35.436348Z" + "iopub.execute_input": "2024-09-19T12:34:27.886735Z", + "iopub.status.busy": "2024-09-19T12:34:27.886345Z", + "iopub.status.idle": "2024-09-19T12:34:27.897086Z", + "shell.execute_reply": "2024-09-19T12:34:27.896493Z" } }, "outputs": [], @@ -57,10 +57,10 @@ "execution_count": 3, "metadata": { "execution": { - "iopub.execute_input": "2024-09-19T06:25:35.438689Z", - "iopub.status.busy": "2024-09-19T06:25:35.438337Z", - "iopub.status.idle": "2024-09-19T06:25:35.451071Z", - "shell.execute_reply": "2024-09-19T06:25:35.450657Z" + "iopub.execute_input": "2024-09-19T12:34:27.899167Z", + "iopub.status.busy": "2024-09-19T12:34:27.898808Z", + "iopub.status.idle": "2024-09-19T12:34:27.912831Z", + "shell.execute_reply": "2024-09-19T12:34:27.912277Z" } }, "outputs": [], 
@@ -76,10 +76,10 @@ "execution_count": 4, "metadata": { "execution": { - "iopub.execute_input": "2024-09-19T06:25:35.452798Z", - "iopub.status.busy": "2024-09-19T06:25:35.452440Z", - "iopub.status.idle": "2024-09-19T06:25:35.558473Z", - "shell.execute_reply": "2024-09-19T06:25:35.557861Z" + "iopub.execute_input": "2024-09-19T12:34:27.914777Z", + "iopub.status.busy": "2024-09-19T12:34:27.914476Z", + "iopub.status.idle": "2024-09-19T12:34:28.024268Z", + "shell.execute_reply": "2024-09-19T12:34:28.023634Z" } }, "outputs": [ @@ -87,7 +87,7 @@ "name": "stderr", "output_type": "stream", "text": [ - "/tmp/ipykernel_3745/298683809.py:5: SettingWithCopyWarning: \n", + "/tmp/ipykernel_3703/298683809.py:5: SettingWithCopyWarning: \n", "A value is trying to be set on a copy of a slice from a DataFrame.\n", "Try using .loc[row_indexer,col_indexer] = value instead\n", "\n", @@ -110,10 +110,10 @@ "execution_count": 5, "metadata": { "execution": { - "iopub.execute_input": "2024-09-19T06:25:35.593933Z", - "iopub.status.busy": "2024-09-19T06:25:35.593599Z", - "iopub.status.idle": "2024-09-19T06:25:35.666162Z", - "shell.execute_reply": "2024-09-19T06:25:35.665567Z" + "iopub.execute_input": "2024-09-19T12:34:28.059402Z", + "iopub.status.busy": "2024-09-19T12:34:28.058984Z", + "iopub.status.idle": "2024-09-19T12:34:28.132056Z", + "shell.execute_reply": "2024-09-19T12:34:28.131423Z" } }, "outputs": [], @@ -127,10 +127,10 @@ "execution_count": 6, "metadata": { "execution": { - "iopub.execute_input": "2024-09-19T06:25:35.668268Z", - "iopub.status.busy": "2024-09-19T06:25:35.667857Z", - "iopub.status.idle": "2024-09-19T06:25:57.433382Z", - "shell.execute_reply": "2024-09-19T06:25:57.432810Z" + "iopub.execute_input": "2024-09-19T12:34:28.134223Z", + "iopub.status.busy": "2024-09-19T12:34:28.133873Z", + "iopub.status.idle": "2024-09-19T12:34:51.005793Z", + "shell.execute_reply": "2024-09-19T12:34:51.005087Z" } }, "outputs": [], 
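Review bot: The stderr output kept in the `@@ -87,7 +87,7 @@` hunk records a pandas `SettingWithCopyWarning` raised at line 5 of the cell with `execution_count` 4, so that cell assigns into what pandas treats as a slice of another DataFrame. The assignment may not land on the frame that is used afterwards, which matters if this notebook is what regenerates `data/data.csv` (it is updated by the same automated commit, though the hunk does not show the link). The cell's source is outside the hunk, so the exact fix is a guess: either take an explicit `.copy()` where the filtered frame is created, or write the column through `.loc[row_indexer, col_indexer] = value` as the warning itself suggests. Clearing the warning would also stop the per-run `/tmp/ipykernel_<pid>/` path from changing this output block on every scheduled run.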
@@ -225,10 +225,10 @@ "execution_count": 7, "metadata": { "execution": { - "iopub.execute_input": "2024-09-19T06:25:57.435385Z", - "iopub.status.busy": "2024-09-19T06:25:57.435195Z", - "iopub.status.idle": "2024-09-19T06:25:57.617441Z", - "shell.execute_reply": "2024-09-19T06:25:57.616807Z" + "iopub.execute_input": "2024-09-19T12:34:51.007895Z", + "iopub.status.busy": "2024-09-19T12:34:51.007691Z", + "iopub.status.idle": "2024-09-19T12:34:51.199195Z", + "shell.execute_reply": "2024-09-19T12:34:51.198602Z" } }, "outputs": [],