A Collection of original CVEX v1.0 from SecLab

CVEX | Description | Images
CVEX-2012-1823
Author | PriyankaBose
The PHP CGI in Apache HTTP Server 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary code by leveraging improper handling of query strings that contain a %2F sequence, which is not properly handled by the apr_fnmatch function.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-001/target
ghcr.io/ucsb-seclab/cvex-210825-001/exploiter
CVEX-2019-12725
Author | degrigis, pagabuc
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-2019-12725/target
ghcr.io/ucsb-seclab/cvex-2019-12725/exploiter
CVEX-2019-16278
Author | nvmb3r
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-004/target
ghcr.io/ucsb-seclab/cvex-210825-004/exploiter
CVEX-2014-4511
Author | nvmb3r
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-006/target
ghcr.io/ucsb-seclab/cvex-210825-006/exploiter
CVEX-2018-16763
Author | nvmb3r
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-007/target
ghcr.io/ucsb-seclab/cvex-210825-007/exploiter
CVEX-2015-2208
Author | nvmb3r
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-008/target
ghcr.io/ucsb-seclab/cvex-210825-008/exploiter
CVEX-2017-1000486
Author | nvmb3r
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-009/target
ghcr.io/ucsb-seclab/cvex-210825-009/exploiter
CVEX-2019-16662
Author | fab1ano
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which leads to command execution.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-010/target
ghcr.io/ucsb-seclab/cvex-210825-010/exploiter
CVEX-2019-16663
Author | fab1ano
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-011/target
ghcr.io/ucsb-seclab/cvex-210825-011/exploiter
CVEX-2020-25952
Author | fab1ano
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-012/target
ghcr.io/ucsb-seclab/cvex-210825-012/exploiter
CVEX-2020-35151
Author | fab1ano
The Online Marriage Registration System 1.0 POST parameter 'searchdata' in the user/search.php request is vulnerable to time-based SQL injection.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-013/target
ghcr.io/ucsb-seclab/cvex-210825-013/exploiter
CVEX-2011-0751
Author | 9yte
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-014/target
ghcr.io/ucsb-seclab/cvex-210825-014/exploiter
CVEX-2017-5638
Author | 9yte
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-015/target
ghcr.io/ucsb-seclab/cvex-210825-015/exploiter
CVEX-2016-3714
Author | Trevillie
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka ImageTragick.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-016/target
ghcr.io/ucsb-seclab/cvex-210825-016/exploiter
CVEX-2019-14234
Author | Trevillie
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of 'OR 1=1' in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-017/target
ghcr.io/ucsb-seclab/cvex-210825-017/exploiter
CVEX-2018-16509
Author | Trevillie
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-018/target
ghcr.io/ucsb-seclab/cvex-210825-018/exploiter
CVEX-2017-12650
Author | robmcl4
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-019/target
ghcr.io/ucsb-seclab/cvex-210825-019/exploiter
CVEX-2018-16509
Author | xavierholt
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-020/target
ghcr.io/ucsb-seclab/cvex-210825-020/exploiter
CVEX-2018-16509
Author | xavierholt
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-021/target
ghcr.io/ucsb-seclab/cvex-210825-021/exploiter
CVEX-2018-19475
Author | xavierholt
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-022/target
ghcr.io/ucsb-seclab/cvex-210825-022/exploiter
CVEX-2019-6116
Author | xavierholt
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-023/target
ghcr.io/ucsb-seclab/cvex-210825-023/exploiter
CVEX-2018-11776
Author | ruaronicola
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin like the Convention Plugin) and then: results are used with no namespace and, at the same time, their upper package has no namespace or a wildcard namespace. Similarly, the same possibility exists when using a url tag which doesn't have value and action set and, at the same time, its upper package has no namespace or a wildcard namespace.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-024/target
ghcr.io/ucsb-seclab/cvex-210825-024/exploiter
CVEX-2019-15107
Author | dipanjan
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-025/target
ghcr.io/ucsb-seclab/cvex-210825-025/exploiter
CVEX-2019-9193
Author | xavierholt
In PostgreSQL 9.3 through 11.2, the 'COPY TO/FROM PROGRAM' function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-026/target
ghcr.io/ucsb-seclab/cvex-210825-026/exploiter
CVEX-2014-6271
Author | xavierholt
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka 'ShellShock.' NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-027/target
ghcr.io/ucsb-seclab/cvex-210825-027/exploiter
CVEX-2015-3306
Author | rjt-gupta
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-028/target
ghcr.io/ucsb-seclab/cvex-210825-028/exploiter
CVEX-2017-5941
Author | rjt-gupta
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-029/target
ghcr.io/ucsb-seclab/cvex-210825-029/exploiter
CVEX-2020-5192
Author | dipanjan
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-030/target
ghcr.io/ucsb-seclab/cvex-210825-030/exploiter
CVEX-2020-25487
Author | dipanjan
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-031/target
ghcr.io/ucsb-seclab/cvex-210825-031/exploiter
CVEX-2020-29283
Author | PriyankaBose
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-032/target
ghcr.io/ucsb-seclab/cvex-210825-032/exploiter
CVEX-2019-6340
Author | ruaronicola
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-033/target
ghcr.io/ucsb-seclab/cvex-210825-033/exploiter
CVEX-2017-17405
Author | Trevillie
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the '|' pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-034/target
ghcr.io/ucsb-seclab/cvex-210825-034/exploiter
CVEX-2018-8733
Author | 9yte
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-035/target
ghcr.io/ucsb-seclab/cvex-210825-035/exploiter
CVEX-2018-7600
Author | pagabuc
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-036/target
ghcr.io/ucsb-seclab/cvex-210825-036/exploiter
CVEX-2019-15715
Author | gal1ium
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-037/target
ghcr.io/ucsb-seclab/cvex-210825-037/exploiter
CVEX-2018-17181
Author | pagabuc, f-kalantari
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-038/target
ghcr.io/ucsb-seclab/cvex-210825-038/exploiter
CVEX-2018-15143
Author | pagabuc, f-kalantari
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-039/target
ghcr.io/ucsb-seclab/cvex-210825-039/exploiter
CVEX-2018-15145
Author | pagabuc, f-kalantari
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-040/target
ghcr.io/ucsb-seclab/cvex-210825-040/exploiter
CVEX-2018-17179
Author | pagabuc, robmcl4
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-041/target
ghcr.io/ucsb-seclab/cvex-210825-041/exploiter
CVEX-2018-15144
Author | pagabuc, robmcl4
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-042/target
ghcr.io/ucsb-seclab/cvex-210825-042/exploiter
CVEX-2018-15146
Author | pagabuc, robmcl4
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-043/target
ghcr.io/ucsb-seclab/cvex-210825-043/exploiter
CVEX-2018-15147
Author | pagabuc, robmcl4
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-044/target
ghcr.io/ucsb-seclab/cvex-210825-044/exploiter
CVEX-2018-15148
Author | pagabuc, robmcl4
SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-045/target
ghcr.io/ucsb-seclab/cvex-210825-045/exploiter
CVEX-2018-15149
Author | pagabuc, robmcl4
SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-046/target
ghcr.io/ucsb-seclab/cvex-210825-046/exploiter
CVEX-2018-15151
Author | pagabuc, robmcl4
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-047/target
ghcr.io/ucsb-seclab/cvex-210825-047/exploiter
CVEX-2018-15150
Author | pagabuc, robmcl4
SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-048/target
ghcr.io/ucsb-seclab/cvex-210825-048/exploiter
CVEX-2018-15153
Author | pagabuc, robmcl4
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the 'hylafax_server' global variable in interface/super/edit_globals.php.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-049/target
ghcr.io/ucsb-seclab/cvex-210825-049/exploiter
CVEX-2021-41773
Author | etrickel
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration 'require all denied', these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-210825-050/target
ghcr.io/ucsb-seclab/cvex-210825-050/exploiter
CVEX-2021-41773
Author | pagabuc
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-211021-001/target
ghcr.io/ucsb-seclab/cvex-211021-001/exploiter
CVEX-2021-41773
Author | Zion L. Basque, Paul Emge
Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019.
Domain | ghcr.io/ucsb-seclab
ghcr.io/ucsb-seclab/cvex-211109-001/target
ghcr.io/ucsb-seclab/cvex-211109-001/exploiter