Vulnerabilities > Use of Incorrectly-Resolved Name or Reference
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-06 | CVE-2019-9616 | Use of Incorrectly-Resolved Name or Reference vulnerability in Ofcms Project Ofcms 1.1.1/1.1.2 An issue was discovered in OFCMS before 1.1.3. | 7.2 |
| 2019-02-18 | CVE-2019-8908 | Use of Incorrectly-Resolved Name or Reference vulnerability in Wtcms Project Wtcms 1.0 An issue was discovered in WTCMS 1.0. | 9.8 |
| 2019-02-17 | CVE-2019-8395 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Servicedesk Plus An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. | 9.8 |
| 2019-02-11 | CVE-2019-7731 | Use of Incorrectly-Resolved Name or Reference vulnerability in Mywebsql 3.7 MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file. | 9.8 |
| 2019-01-15 | CVE-2019-6289 | Use of Incorrectly-Resolved Name or Reference vulnerability in Dedecms 5.7 uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename. | 8.8 |
| 2019-01-09 | CVE-2018-6112 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2019-01-08 | CVE-2019-0571 | Use of Incorrectly-Resolved Name or Reference vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
| 2018-06-08 | CVE-2018-12020 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. | 7.5 |
| 2018-04-19 | CVE-2018-0237 | Use of Incorrectly-Resolved Name or Reference vulnerability in Cisco Advanced Malware Protection for Endpoints 1.4(5) A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. | 5.8 |