Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-28 | CVE-2021-20187 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. | 7.2 |
| 2021-01-26 | CVE-2021-26272 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | 6.5 |
| 2021-01-26 | CVE-2021-26271 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | 6.5 |
| 2020-11-25 | CVE-2020-29072 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Liquidfiles A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. | 6.1 |
| 2020-09-19 | CVE-2020-25788 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4 An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. | 8.1 |
| 2020-08-11 | CVE-2020-13175 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Teradici products The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. | 7.5 |
| 2020-06-15 | CVE-2020-13651 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. | 7.8 |
| 2020-06-09 | CVE-2020-13977 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. | 4.9 |
| 2020-06-03 | CVE-2020-5295 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Octobercms October In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. | 4.9 |
| 2020-04-01 | CVE-2020-10865 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Avast Antivirus An issue was discovered in Avast Antivirus before 20. | 7.5 |