Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2020-06-03 CVE-2020-5295 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Octobercms October
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server.
network
low complexity
octobercms CWE-829
4.9
2020-04-01 CVE-2020-10865 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Avast Antivirus
An issue was discovered in Avast Antivirus before 20.
network
low complexity
avast CWE-829
7.5
2020-03-25 CVE-2020-3794 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016 and ColdFusion 2018 have a file inclusion vulnerability.
network
low complexity
adobe CWE-829
critical
9.8
2020-01-29 CVE-2013-3321 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Netapp Oncommand System Manager 2.0.2/2.1
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
network
high complexity
netapp CWE-829
7.5
2020-01-28 CVE-2013-4582 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gitlab and Gitlab-Shell
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
network
low complexity
gitlab CWE-829
6.5
2020-01-22 CVE-2012-4919 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gallery Project Gallery 1.4
Gallery Plugin 1.4 for WordPress has a remote file include vulnerability.
network
low complexity
gallery-project CWE-829
critical
9.8
2019-11-13 CVE-2019-16951 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Enghouse Web Chat 6.1.300.31/6.2.284.34
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34.
network
low complexity
enghouse CWE-829
5.3
2019-11-06 CVE-2019-8154 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-829
8.8
2019-10-31 CVE-2013-1945 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ruby-Lang Ruby193
ruby193 uses an insecure LD_LIBRARY_PATH setting.
local
low complexity
ruby-lang CWE-829
3.3
2019-09-27 CVE-2019-11742 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content.
network
low complexity
mozilla CWE-829
6.5