Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-8351 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Microsoft Edge and Internet Explorer. An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | network; low complexity; microsoft; CWE-829; 6.5 |
| 2018-06-26 | CVE-2018-1000502 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mybb. MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. | network; low complexity; mybb; CWE-829; 7.2 |
| 2018-06-25 | CVE-2018-11040 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products. Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. | network; low complexity; vmware oracle debian; CWE-829; 7.5 |
| 2018-06-11 | CVE-2017-5397 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox. The cache directory on the local file system is set to be world writable. | network; low complexity; mozilla; CWE-829; critical 9.8 |
| 2018-03-19 | CVE-2018-7422 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Siteeditor Site Editor 1.0.0/1.1.0/1.1.1. A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal. | network; low complexity; siteeditor; CWE-829; 7.5 |
| 2018-01-19 | CVE-2017-14095 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Trendmicro Smart Protection Server. A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system. | network; high complexity; trendmicro; CWE-829; 8.1 |
| 2017-08-29 | CVE-2017-1376 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Operations Analytics Predictive Insights. A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. | network; low complexity; ibm; CWE-829; critical 9.8 |
| 2017-03-16 | CVE-2017-6381 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Drupal. A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. | network; high complexity; drupal; CWE-829; 8.1 |
| 2010-08-19 | CVE-2010-2076 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache CXF. Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. | network; low complexity; apache; CWE-829; critical 9.8 |
| 2004-11-23 | CVE-2004-0285 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products. PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | 9.8 |