CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Amazon AWS JavaScript S3 Explorer (aws-js-s3-explorer) version 2 alpha prior to August 2, 2019. The issue arises in explorer.js, where user input is not properly sanitized, allowing for the injection of malicious scripts under certain conditions.
F5 BIG-IP TMM Denial-of-Service Vulnerability in AWS Virtual Editions
A denial-of-service vulnerability has been identified in F5 BIG-IP Virtual Edition (VE) instances running versions 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2. When these instances process specially crafted traffic with the default 'xnet' driver, they may experience a Traffic Management Microkernel (TMM) restart. This issue does not affect BIG-IP VEs in other virtual environments or hardware appliances.
Auth0 wp-auth0 Plugin Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the Auth0 wp-auth0 plugin for WordPress, specifically in versions 3.11.x prior to 3.11.3. The issue arises from a wle parameter related to the wp-login.php file, allowing for the injection of malicious scripts.
Auth0 Lock Cross-Site Scripting Vulnerability in Additional Sign-Up Fields
A cross-site scripting (XSS) vulnerability exists in Auth0 Lock versions prior to 11.21.0. The issue arises when the 'additionalSignUpFields' feature is used with an untrusted placeholder, allowing for the injection of malicious scripts.
Angular Expressions Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Angular Expressions versions prior to 1.0.1. The issue arises when user-controlled input is passed to the `expressions.compile()` function. In a browser environment, this could allow an attacker to execute arbitrary scripts. On the server side, any JavaScript expression could be executed, leading to remote code execution.
SolarWinds Orion Platform Stored Client-Side Template Injection Vulnerability Allowing Privilege Escalation
A stored client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression, escaping the Angular sandbox to achieve stored cross-site scripting. The consequence of this vulnerability could lead to privilege escalation.
SolarWinds Orion Platform Reflected Client-Side Template Injection Vulnerability
A reflected client-side template injection vulnerability has been identified in the SolarWinds Orion Platform version 2019.2 HF1. This vulnerability allows an attacker to inject an Angular expression that escapes the Angular sandbox, potentially leading to stored cross-site scripting (XSS) attacks.
EllisLab CodeIgniter XSS Filter Bypass Vulnerability
A vulnerability in EllisLab CodeIgniter version 2.1.2 allows remote attackers to bypass the xss_clean() filter, potentially leading to cross-site scripting (XSS) attacks.
Imperva SecureSphere Web Application Firewall SQL Injection Filter Bypass Vulnerability
A SQL injection filter bypass vulnerability has been identified in Imperva SecureSphere Web Application Firewall (WAF) versions prior to August 12, 2010. This vulnerability allows attackers to evade SQL injection protections by exploiting a typo in the WAF's SQL injection detection rules. The bypass is achieved by appending a crafted string that manipulates the WAF's filtering mechanism, enabling potentially malicious SQL injection payloads to be processed without detection.
Angular Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability exists in all Angular versions prior to 1.5.0-beta.0. This issue arises because the framework does not properly sanitize 'xlink:href' attributes, allowing malicious scripts to be injected and executed in the context of the user.
Apache Solr Remote Code Execution Vulnerability via Velocity Templates
A remote code execution vulnerability has been identified in Apache Solr versions 5.0.0 through 8.3.1. The issue arises in the VelocityResponseWriter component, where an attacker can exploit custom Velocity templates. While parameter-provided templates are disabled by default, they can be enabled by configuring 'params.resource.loader.enabled' to true, allowing the execution of malicious templates. This vulnerability is particularly concerning as it has been reported to cause crashes in the Solr process, leading to service disruptions.
Citrix ADC and Gateway Directory Traversal Remote Code Execution Vulnerability
A directory traversal vulnerability allowing remote code execution has been identified in Citrix Application Delivery Controller (ADC) and Gateway versions 10.5, 11.1, 12.0, 12.1, and 13.0. This vulnerability allows an unauthenticated attacker to execute arbitrary code on the affected system by exploiting the directory traversal flaw.
mongo-express Remote Code Execution Vulnerability
A remote code execution vulnerability exists in mongo-express versions prior to 0.54.0. The issue arises in endpoints that utilize the 'toBSON' method, allowing for the execution of commands through a misuse of the 'vm' dependency in an unsafe environment.
Apple Multiple Products Use-After-Free Vulnerability Allowing Arbitrary Code Execution
A use-after-free vulnerability has been identified in multiple Apple products, including iOS, macOS, tvOS, and watchOS. This vulnerability allows a malicious application to execute arbitrary code with system privileges. The issue arises from improper memory management, leading to memory corruption.
Apple macOS Privilege Escalation Vulnerability
A use-after-free vulnerability has been identified in Apple macOS, specifically in versions prior to 10.14.4. This vulnerability allows a malicious application to gain elevated privileges. The issue arises from improper memory management, which creates opportunities for exploitation.
PHP-FPM Buffer Underflow Vulnerability Allowing Remote Code Execution
A buffer underflow vulnerability has been identified in the PHP FastCGI Process Manager (FPM) component, specifically in PHP versions 7.1.x prior to 7.1.33, 7.2.x prior to 7.2.24, and 7.3.x prior to 7.3.11. In certain FPM configurations, the vulnerability allows for writing past allocated buffers into the space reserved for FastCGI protocol data, creating an opportunity for remote code execution.
vBulletin Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in vBulletin versions 5.0.0 prior to 5.5.4. The issue arises from the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request, allowing unauthenticated attackers to execute arbitrary PHP code on the server.
Apache Solr DataImportHandler Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in Apache Solr versions prior to 8.2.0, specifically within the DataImportHandler module. This vulnerability arises because the 'dataConfig' parameter can be used to inject malicious scripts into the DataImportHandler configuration. Although the 'dataConfig' parameter is disabled by default in Solr 8.2.0 and later, it remains a security risk in previous versions.
Sitecore CMS and Experience Platform Deserialization Vulnerability in Anti-CSRF Module Allowing Remote Code Execution
A deserialization vulnerability has been identified in the anti-CSRF module of Sitecore CMS and Experience Platform (XP) versions through 9.1. This vulnerability allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. In Sitecore versions 8.x, this vulnerability can be exploited without authentication, while in versions 9.x prior to 9.1.1, authentication is required.
Sitecore CMS and Experience Platform Deserialization Vulnerability in Anti-CSRF Module Allowing Remote Code Execution
A deserialization vulnerability has been identified in the Sitecore.Security.AntiCSRF module, affecting Sitecore CMS versions 7.0 to 7.2 and Sitecore XP versions 7.5 to 8.2. This vulnerability allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter '__CSRFTOKEN'. The issue arises because the CSRF protection module expects a serialized object, which can be manipulated to create valid .NET objects that, when deserialized, lead to code execution on the server.
Citrix Workspace App and Receiver for Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Citrix Workspace App and Citrix Receiver for Windows, prior to version 1904. This issue arises from incorrect access control, allowing local drive access preferences to be exploited. As a result, malicious code could potentially be executed remotely.
Apache HTTP Server Privilege Escalation Vulnerability in Child Processes
A privilege escalation vulnerability has been identified in Apache HTTP Server versions 2.4.17 prior to 2.4.39. This issue occurs in the event, worker, or prefork Multi-Processing Modules (MPMs). The vulnerability allows code running in less-privileged child processes or threads, including those executing CGI scripts or using an in-process scripting interpreter, to execute arbitrary code with the privileges of the parent process, typically root. The exploitation is achieved by manipulating the scoreboard, which can lead to unauthorized access or modifications. Non-Unix systems are not affected.
Apple Memory Corruption Vulnerability Allowing Code Execution in Multiple Products
A memory corruption vulnerability has been identified in various Apple products, including iOS, macOS Mojave, tvOS, and watchOS. This vulnerability, present in versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, and watchOS 5, can allow a malicious application to execute arbitrary code with system or kernel privileges. The issue arises from improper memory handling and input validation, creating opportunities for exploitation.
Ruby on Rails Action View File Content Disclosure Vulnerability
A file content disclosure vulnerability has been identified in Ruby on Rails versions 5.2.1, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1, and v3. This vulnerability allows arbitrary files on the server's filesystem to be accessed and their contents exposed. The issue arises in Action View when specially crafted accept headers are used with calls to 'render file:', without a specified accept format. As a result, the contents of the targeted files are rendered and disclosed.
WordPress Social Warfare Plugin Stored Cross-Site Scripting Vulnerability Allowing Remote Code Execution
A stored cross-site scripting vulnerability has been identified in the WordPress Social Warfare plugin, affecting versions prior to 3.5.3. The issue arises in the wp-admin/admin-post.php file, where the swp_url parameter is not properly sanitized. This flaw allows attackers to inject malicious JavaScript that is executed in the context of the user visiting the site, potentially leading to remote code execution.
Apple Group FaceTime Vulnerability in iOS and macOS
A logic issue in Group FaceTime calls on Apple devices running iOS 12.1.4 or macOS Mojave 10.14.3 may allow the caller to cause the recipient's device to answer the call without user interaction. This vulnerability was addressed with improved state management.
ThinkPHP Remote Code Execution Vulnerability
A remote code execution vulnerability exists in ThinkPHP versions prior to 3.2.4, including version 5.0.23. This vulnerability is also present in Open Source BMS version 1.1.1. The issue arises from a PHP injection vulnerability that allows attackers to execute arbitrary commands on the server via a crafted HTTP request. Exploitation involves invoking a PHP function that executes system commands, which can lead to unauthorized command execution on the server.
Drupal Core Remote Code Execution Vulnerability via RESTful Web Services
A remote code execution vulnerability exists in Drupal Core versions 8.5.x prior to 8.5.11 and 8.6.x prior to 8.6.10. Certain field types fail to adequately sanitize data from non-form sources, which can lead to arbitrary PHP code execution. This vulnerability is triggered when the Drupal 8 core RESTful Web Services module is enabled and allows PATCH or POST requests, or when another web services module, such as JSON:API in Drupal 8 or Services or RESTful Web Services in Drupal 7, is active.
ThinkPHP Remote Code Execution Vulnerability in NoneCms
A remote code execution vulnerability exists in ThinkPHP versions through 5.0.23, specifically within the NoneCms application version 1.3. The issue arises from improper handling of the filter parameter, which can be exploited by sending a crafted query string. This vulnerability allows attackers to execute arbitrary PHP code on the server.
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability Allowing Remote Code Execution
A vulnerability exists in the RichFaces Framework versions 3.0 through 3.3.4, allowing for Expression Language (EL) injection via the UserResource resource. This issue enables remote, unauthenticated attackers to execute arbitrary code by exploiting a chain of Java serialized objects through org.ajax4jsf.resource.UserResource$UriData.
Apache Struts Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Apache Struts versions 2.3 prior to 2.3.35 and 2.5 prior to 2.5.17. The issue arises when the 'alwaysSelectFullNamespace' option is enabled, either by the user or a plugin such as the Convention Plugin. Under these conditions, if results are processed without a specified namespace and the upper package lacks a namespace or uses a wildcard, the vulnerability can be exploited. This also applies when the 'url' tag is used without a value or action, while its upper package has no or a wildcard namespace.
Laravel Framework Deserialization Vulnerability Leading to Remote Code Execution
A remote code execution vulnerability exists in Laravel Framework versions through 5.5.40 and 5.6.x prior to 5.6.30. The issue arises from an insecure unserialize operation on the X-XSRF-TOKEN cookie, which can be manipulated if the attacker knows the application encryption key. Exploitation involves crafting a token that, when unserialized, executes arbitrary code on the server.
Drupal Core Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in Drupal Core versions 7.0 prior to 7.59, 8.0.0 prior to 8.4.8, and 8.5.0 prior to 8.5.3. This vulnerability exists within multiple subsystems of Drupal and allows attackers to exploit various attack vectors, potentially compromising the affected site. The vulnerability is actively being exploited in the wild.
Cisco Adaptive Security Appliance Web Interface Denial-of-Service and Path Traversal Vulnerability
A vulnerability exists in the web interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to cause the device to reload unexpectedly, leading to a denial-of-service (DoS) condition. On certain software releases, the device may not reload, but the attacker could exploit directory traversal techniques to access sensitive system information without authentication. The vulnerability arises from improper input validation of HTTP URLs, allowing exploitation via crafted HTTP requests. This issue affects both IPv4 and IPv6 HTTP traffic.
Drupal Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in Drupal core versions prior to 7.58, 8.0.x prior to 8.3.9, 8.4.x prior to 8.4.6, and 8.5.x prior to 8.5.1. This vulnerability allows remote attackers to execute arbitrary code, potentially leading to a complete compromise of the affected Drupal site. The issue arises from insufficient input sanitization in the Form API, which enables attackers to inject malicious payloads that are executed without authentication.
Cisco Secure Access Control System Java Deserialization Vulnerability Allowing Arbitrary Command Execution
A vulnerability exists in Cisco Secure Access Control System (ACS) versions prior to 5.8 patch 9, allowing an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the affected device. This vulnerability arises from insecure deserialization of user-supplied content, which can be exploited by sending a crafted serialized Java object.
Red Hat JBoss Application Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in JBoss Application Server versions included with Red Hat Enterprise Application Platform 5.2. The issue arises because the 'doFilter' method in the 'ReadOnlyAccessFilter' of the HTTP Invoker does not properly restrict which classes can be deserialized. This flaw allows attackers to execute arbitrary code by sending crafted serialized data. The vulnerability is known to be exploited in ransomware campaigns.
Apache Tomcat Remote Code Execution Vulnerability via JSP Upload
A remote code execution vulnerability has been identified in Apache Tomcat versions 9.0.0.M1 prior to 9.0.0, 8.5.0 prior to 8.5.23, 8.0.0.RC1 prior to 8.0.47, and 7.0.0 prior to 7.0.82. When HTTP PUT requests were enabled, it was possible to upload a JSP file to the server through a specially crafted request. The uploaded JSP file could then be accessed, and any code it contained would be executed by the server.
Apache Tomcat Remote Code Execution Vulnerability via JSP Upload
A remote code execution vulnerability has been identified in Apache Tomcat versions 7.0.0 to 7.0.79, running on Windows. When HTTP PUT requests are enabled, it is possible to upload a JSP file to the server through a specially crafted request. The uploaded JSP file can then be accessed, and any code it contains will be executed by the server. This vulnerability arises from insufficient validation of file uploads, allowing malicious JSP files to be uploaded and executed.
Apache Struts 2 REST Plugin Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Apache Struts 2 REST Plugin, affecting versions 2.1.1 through 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13. The vulnerability arises because the REST Plugin uses an XStreamHandler to deserialize XML payloads without any type filtering. This lack of validation can be exploited by an attacker to execute arbitrary code on the server.
Apache Struts Remote Code Execution Vulnerability in Struts 1 Plugin
A remote code execution vulnerability has been identified in Apache Struts versions 2.1.x and 2.3.x, specifically within the Struts 1 plugin. This vulnerability arises when a malicious field value is sent in a raw message to the ActionMessage, allowing for unauthorized execution of code.
PHPUnit Remote Code Execution Vulnerability
A remote code execution vulnerability exists in PHPUnit versions prior to 4.8.28 and 5.x prior to 5.6.3. The issue arises in the 'eval-stdin.php' file, where the 'eval' function is used to execute PHP code from the HTTP POST request. This vulnerability can be exploited on servers with an exposed '/vendor' directory, allowing access to the vulnerable 'eval-stdin.php' script.
Apache Tomcat JMX Remote Lifecycle Listener Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Apache Tomcat versions prior to 6.0.48, 7.x prior to 7.0.73, 8.x prior to 8.0.39, 8.5.x prior to 8.5.7, and 9.x prior to 9.0.0.M12. The vulnerability is triggered when the JmxRemoteLifecycleListener is used and an attacker can access the JMX ports. This issue arises because the listener was not updated to align with an Oracle patch that affected credential types, leaving certain Tomcat installations vulnerable to remote code execution.
Apache Struts Remote Code Execution Vulnerability via Jakarta Multipart Parser
A remote code execution vulnerability has been identified in Apache Struts 2 versions 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1. The issue arises in the Jakarta Multipart parser, which improperly handles exceptions and error messages during file upload attempts. This flaw allows remote attackers to execute arbitrary commands by crafting the Content-Type, Content-Disposition, or Content-Length HTTP headers. The vulnerability was actively exploited in March 2017, using a Content-Type header that included a '#cmd=' string.
PHPMailer Remote Code Execution Vulnerability
A remote code execution vulnerability exists in PHPMailer versions prior to 5.2.18. The issue arises in the 'isMail' transport when the 'Sender' property is crafted to include additional parameters that are passed to the mail command. This exploitation allows for arbitrary code execution on the server where the vulnerable PHPMailer version is used.
Apache Shiro Remote Code Execution Vulnerability via Default Remember Me Cipher Key
A remote code execution vulnerability exists in Apache Shiro versions prior to 1.2.5. When the 'remember me' feature is enabled but no cipher key is configured, remote attackers can exploit this vulnerability by sending a crafted request parameter. This exploitation can lead to arbitrary code execution or bypassing access restrictions.
Apache ActiveMQ Fileserver Web Application Remote Code Execution Vulnerability
A remote code execution vulnerability has been identified in the Fileserver web application of Apache ActiveMQ versions 5.0.0 prior to 5.14.0. This vulnerability allows remote attackers to upload and execute arbitrary files. The issue arises from improper input validation, enabling attackers to exploit the Fileserver's upload functionality by sending an HTTP PUT request followed by an HTTP MOVE request. The uploaded file, which can contain malicious code, is executed when the ActiveMQ service is restarted.
Oracle Java SE and JRockit Unrestricted Deserialization Vulnerability in JMX Component
A vulnerability allowing unrestricted deserialization of authentication credentials has been identified in Oracle Java SE versions 6u113, 7u99, and 8u77, as well as in Java SE Embedded 8u77 and JRockit R28.3.9. This vulnerability could be exploited by remote, unauthenticated attackers who are able to connect to a JMX port, potentially allowing them to carry out deserialization attacks.
Ruby on Rails Directory Traversal Vulnerability in Action View Allowing Arbitrary File Read
A directory traversal vulnerability has been identified in the Action View component of Ruby on Rails. This issue is present in versions prior to 3.2.22.1, 4.0.x, 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1. The vulnerability allows remote attackers to read arbitrary files by exploiting an application's unrestricted use of the render method, and by providing a .. (dot dot) in the pathname. The flaw arises from the Action View component's handling of template rendering, where untrusted input can be used to access files outside the application's view directory, potentially leading to remote code execution.
IBM Products Apache Commons Collections Deserialization Vulnerability Allowing Remote Code Execution
A vulnerability exists in several IBM products, including WebSphere Application Server, Cognos Controller, Watson Explorer, Watson Content Analytics, and Sterling B2B Integrator. This vulnerability arises from the deserialization of Java objects by the Apache Commons Collections library, specifically the InvokerTransformer class, which can lead to arbitrary code execution on the affected system.
