| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution. |
| CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule |
| Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();> |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. |
| An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. |
| A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. |
| An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this. |
| mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. |
| A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. |
| A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. |
| In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. |
| Microsoft Excel Remote Code Execution Vulnerability |
| Windows Fax Service Remote Code Execution Vulnerability |
| Remote Desktop Client Remote Code Execution Vulnerability |
| Windows Event Tracing Remote Code Execution Vulnerability |
| Bot Framework SDK Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability |
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution |
| Web Media Extensions Remote Code Execution Vulnerability |
