Page 41 of 8851 results (0.019 seconds)

CVSS: 5.6EPSS: 0%CPEs: -EXPL: 0

Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2023-39593 https://seclists.org/fulldisclosure/2012/Dec/39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.7EPSS: 0%CPEs: -EXPL: 1

An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2024-27766 https://seclists.org/fulldisclosure/2012/Dec/39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

Untrusted Search Path vulnerability in OpenTextâ„¢ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.   This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. La vulnerabilidad de ruta de búsqueda no confiable en OpenTextâ„¢ Application Lifecycle Management (ALM),Quality Center permite la inclusión de código. La vulnerabilidad permite a un usuario archivar archivos DLL maliciosos en el sistema antes de la instalación. • https://portal.microfocus.com/s/article/KM000024386?language=en_US • CWE-426: Untrusted Search Path •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. Se encontró una vulnerabilidad de cross-site scripting (XSS) reflejado en /trms/listed-teachers.php en PHPGurukul Teachers Record Management System v2.1, que permite a atacantes remotos ejecutar código arbitrario a través del parámetro de solicitud POST "searchinput". • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8145-15bea-2.html https://www.twcert.org.tw/tw/cp-132-8144-2885b-1.html • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •