Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-14 | CVE-2019-13589 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Anjlab Paranoid2 1.1.6. The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 9.8 |
2019-07-11 | CVE-2019-4263 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Content Navigator 3.0.0. IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. | 4.3 |
2019-04-29 | CVE-2019-11591 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Web-Dorado Contact Form. The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
2019-04-29 | CVE-2019-11590 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in 10Web Form Maker. The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
2019-03-15 | CVE-2019-9829 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Maccms 10.0. Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. | 8.8 |
2018-12-20 | CVE-2018-17246 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products. Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. | 9.8 |
2018-11-28 | CVE-2018-12120 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nodejs Node.Js. Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. | 8.1 |
2018-10-29 | CVE-2018-18387 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Playsms Project Playsms. playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. | 8.8 |
2018-09-07 | CVE-2018-15486 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Kone Group Controller Firmware. An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. | 9.1 |
2018-08-15 | CVE-2018-8351 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Microsoft Edge and Internet Explorer. An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | 6.5 |