CVEMAP Search Results

CVE
Details
Description
2018-12-21
Medium
CVE-2018-19322

Vendor: Gigabyte
Software: Aorus graphi...
 

 
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE v1.33 and earlier, XTREME GAMING ENGINE v1.25 and earlier, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

 
2018-12-20
Medium
CVE-2018-16627

Vendor: Getkirby
Software: Kirby
 

 
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.

 
Medium
CVE-2018-1000854

Vendor: Esigate
Software: Esigate
 

 
esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appears to be exploitable via use of another weakness in the backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3.

 
2018-12-07
Low
CVE-2018-1896

Vendor: IBM
Software: Connections
 

 
IBM Connections 5.0, 5.5, and 6.0 are vulnerable to a possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

 
2018-11-15
Low
CVE-2018-19289

Vendor: Valine
Software: Valine
 

 
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

 
2018-10-10
Low
CVE-2018-18207

Vendor: Virtualmin
Software: Virtualmin
 

 
Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.

 
2018-10-02
Medium
CVE-2018-11072

 

 
Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

 
2018-09-26
Medium
CVE-2018-17538

Vendor: AXON
Software: Evidence sync
 

 
** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability.

 
2018-09-12
Medium
CVE-2018-12160

Vendor: Intel
Software: Data migrati...
 

 
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.

 
2018-09-07
Low
CVE-2017-1115

Vendor: IBM
Software: Campaign
 

 
IBM Campaign 9.1, 9.1.2, and 10 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.

 

 


Copyright 2019, cxsecurity.com

 
