VIR Vulnerability Intelligence Relay

Search

Found 878 results in 350ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-1427 unknown 2.5 KEVEXP 4y ago The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
CVE-2016-4437 unknown 2.5 KEVEXPFIX debian debian 4y ago Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been confi…
CVE-2008-5518 unknown 1.0 EXP 4y ago Apache Geronimo Application Server multiple directory traversal vulnerabilities
CVE-2008-5619 unknown 1.0 EXPFIX debian debian 4y ago html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attack…
CVE-2016-7201 unknown 2.5 KEVEXP 4y ago The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-7200 unknown 2.5 KEVEXP 4y ago The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2018-1306 unknown 1.0 EXP 4y ago Exposure of Sensitive Information in Apache Pluto
CVE-2018-8718 unknown 1.0 EXP 4y ago Cross-Site Request Forgery in Jenkins Mailer Plugin
CVE-2016-3088 unknown 2.5 KEVEXPFIX debian debian 4y ago The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request
CVE-2017-12617 unknown 2.5 KEVEXP sles 4y ago When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the serv…
CVE-2018-15133 unknown 2.5 KEVEXPFIX debian debian 4y ago Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the appl…
CVE-2018-10054 unknown 1.0 EXP sles 4y ago Improper Input Validation in Datomic
CVE-2017-9791 unknown 2.5 KEVEXP 4y ago The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CVE-2018-8298 unknown 2.5 KEVEXP 4y ago The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.
CVE-2019-1003002 unknown 1.0 EXP 4y ago Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability
CVE-2019-1003001 unknown 1.0 EXP 4y ago Jenkins Groovy Plugin sandbox bypass vulnerability
CVE-2019-1003000 unknown 1.0 EXP 4y ago Protection Mechanism Failure in Jenkins Script Security Plugin
CVE-2019-1003030 unknown 2.5 KEVEXP 4y ago Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.
CVE-2013-2251 unknown 2.5 KEVEXP 4y ago Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
CVE-2019-6804 unknown 1.0 EXP 4y ago Rundeck Community Edition vulnerable to Cross-site Scripting
CVE-2017-8046 unknown 1.0 EXP 4y ago Remote code execution in PATCH requests in Spring Data REST
CVE-2017-1000353 unknown 2.5 KEVEXP 4y ago Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would…
CVE-2018-1000861 unknown 2.5 KEVEXP 4y ago A code execution vulnerability exists in the Stapler web framework used by Jenkins
CVE-2019-1003029 unknown 2.5 KEVEXP 4y ago Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.
CVE-2019-1003005 unknown 1.0 EXP 4y ago Sandbox Bypass in Script Security Plugin
CVE-2022-29885 unknown 1.0 EXPFIX slesdebian debian 4y ago The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r…
CVE-2022-1388 unknown 2.5 KEVEXP 4y ago F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
CVE-2012-0391 unknown 2.5 KEVEXP 4y ago The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.
CVE-2014-4113 unknown 2.5 KEVEXP 4y ago Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2014-0322 unknown 2.5 KEVEXP 4y ago Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
CVE-2014-0160 unknown 2.5 KEVEXPFIX debian debian 4y ago The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.
CVE-2009-1595 unknown 1.0 EXP 4y ago Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts
CVE-2009-1523 unknown 1.0 EXP 4y ago Directory traversal in Mort Bay Jetty
CVE-2009-0580 unknown 1.0 EXP 4y ago Exposure of Sensitive Information in Apache Tomcat
CVE-2009-0039 unknown 1.0 EXP 4y ago Apache Geronimo Application Server CSRF vulnerabilities
CVE-2009-0038 unknown 1.0 EXP 4y ago Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
CVE-2009-0026 unknown 1.0 EXP 4y ago Apache Jackrabbit contains Cross-site Scripting
CVE-2008-2938 unknown 1.0 EXP 4y ago Apache Tomcat Directory Traversal vulnerability
CVE-2008-2370 unknown 1.0 EXP 4y ago Apache Tomcat Path Traversal Vulnerability
CVE-2008-1510 unknown 1.0 EXP 4y ago Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter
CVE-2008-1301 unknown 1.0 EXP 4y ago Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter
CVE-2008-1300 unknown 1.0 EXP 4y ago Alkacon Open CMS XSS via Logfile Viewer Settings function
CVE-2008-1232 unknown 1.0 EXP 4y ago Apache Tomcat Cross-site scripting (XSS) vulnerability
CVE-2008-1045 unknown 1.0 EXP 4y ago Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp
CVE-2007-5461 unknown 1.0 EXP 4y ago Apache Tomcat Path Traversal Vulnerability
CVE-2007-5333 unknown 1.0 EXP 4y ago Exposure of Sensitive Information in Apache Tomcat
CVE-2007-3382 unknown 1.0 EXP 4y ago Apache Tomcat treats single quotes as delimiters in cookies
CVE-2007-2449 unknown 1.0 EXP 4y ago Apache Tomcat XSS Vulnerabilities in Examples Web Application
CVE-2007-2353 unknown 1.0 EXP debian debian 4y ago Apache Axis allows Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-1355 unknown 1.0 EXP 4y ago Apache Tomcat Vulnerable to Cross-Site Scripting
CVE-2007-0450 unknown 1.0 EXP 4y ago Apache Tomcat Directory Traversal
CVE-2006-7196 unknown 1.0 EXP 4y ago Cross-site scripting in Apache Tomcat
CVE-2006-3835 unknown 1.0 EXP 4y ago Apache Tomcat Reveals Directories
CVE-2006-2758 unknown 1.0 EXP sles 4y ago Jetty Directory Traversal Vulnerability
CVE-2006-0254 unknown 1.0 EXP 4y ago Apache Geronimo console 1.0 vulnerable to cross-site scripting
CVE-2005-4703 unknown 1.0 EXP 4y ago Apache Tomcat Discloses MS-DOS Pathname
CVE-2005-3747 unknown 1.0 EXP sles 4y ago Mortbay Jetty Discloses JSP Source Code
CVE-2005-3745 unknown 1.0 EXP 4y ago Apache Struts Cross-site scripting Vulnerability
CVE-2002-2272 unknown 1.0 EXP 4y ago Apache Tomcat DoS via Malicious Get Request
CVE-2002-2006 unknown 1.0 EXP 4y ago Apache Tomcat Default Installation Reveals Sensitive Information
CVE-2002-1567 unknown 1.0 EXP 4y ago Apache Tomcat XSS Vulnerability
CVE-2002-1533 unknown 1.0 EXP 4y ago Jetty Javascript Inclusion Vulnerability
CVE-2002-1148 unknown 1.0 EXP 4y ago Apache Tomcat Source Code Disclosure
CVE-2001-0590 unknown 1.0 EXP 4y ago Apache Tomcat Allows Source Disclosure
CVE-2000-0759 unknown 1.0 EXP 4y ago Jakarta Apache Tomcat Reveals Physical Paths
CVE-2003-0866 unknown 1.0 EXP 4y ago Apache Tomcat Denial of Service vulnerability in the Catalina package
CVE-2003-0042 unknown 1.0 EXP 4y ago Jakarta Tomcat Directory Listing vulnerability
CVE-2022-29464 unknown 2.5 KEVEXP 4y ago Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.
CVE-2022-26904 unknown 2.5 KEVEXP 4y ago Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2012-1592 unknown 1.0 EXP 4y ago Unrestricted Upload of File with Dangerous Type in Apache Struts2
CVE-2011-3923 unknown 1.0 EXP 4y ago Struts ParameterInterceptor vulnerability allows remote command execution
CVE-2022-22960 unknown 2.5 KEVEXP 4y ago VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.
CVE-2019-3929 unknown 2.5 KEVEXP 4y ago Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system comma…
CVE-2018-7841 unknown 2.5 KEVEXP 4y ago A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
CVE-2014-0780 unknown 2.5 KEVEXP 4y ago InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.
CVE-2007-3010 unknown 2.5 KEVEXP 4y ago masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.
CVE-2022-22954 unknown 2.5 KEVEXP 4y ago VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.
CVE-2015-5122 unknown 2.5 KEVEXP 4y ago Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
CVE-2015-3113 unknown 2.5 KEVEXP 4y ago Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
CVE-2015-0313 unknown 2.5 KEVEXP 4y ago Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
CVE-2015-0311 unknown 2.5 KEVEXP 4y ago Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
CVE-2017-11317 unknown 2.5 KEVEXP 4y ago Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVE-2021-31166 unknown 2.5 KEVEXP 4y ago Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
CVE-2017-0148 unknown 2.5 KEVEXP 4y ago The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
CVE-2022-22963 unknown 2.5 KEVEXP 4y ago When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code executio…
CVE-2022-22965 unknown 2.5 KEVEXP debian debian 4y ago Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
CVE-2022-1040 unknown 2.5 KEVEXP 4y ago An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
CVE-2021-21551 unknown 2.5 KEVEXP 4y ago Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
CVE-2018-10562 unknown 2.5 KEVEXP 4y ago Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
CVE-2018-10561 unknown 2.5 KEVEXP 4y ago Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
CVE-2022-0543 unknown 2.5 KEVEXPFIX debian debian 4y ago Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
CVE-2021-26085 unknown 2.5 KEVEXP 4y ago Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
CVE-2018-8440 unknown 2.5 KEVEXP 4y ago An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
CVE-2017-0213 unknown 2.5 KEVEXP 4y ago Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
CVE-2017-0059 unknown 2.5 KEVEXP 4y ago Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2017-0037 unknown 2.5 KEVEXP 4y ago Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
CVE-2016-0189 unknown 2.5 KEVEXP 4y ago The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web s…
CVE-2016-0151 unknown 2.5 KEVEXP 4y ago The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
CVE-2016-0040 unknown 2.5 KEVEXP 4y ago The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
CVE-2015-2426 unknown 2.5 KEVEXP 4y ago A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.