High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Thinkphp–ThinkPHP | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges. | 2026-04-22 | 9.8 | CVE-2018-25270 | ExploitDB-45978 Official Product Homepage Product Reference VulnCheck Advisory: ThinkPHP 5.0.23 Remote Code Execution via invokefunction |
| Elba–ELBA5 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table. | 2026-04-22 | 9.8 | CVE-2018-25272 | ExploitDB-45905 Official Product Homepage VulnCheck Advisory: ELBA5 5.8.0 Remote Code Execution via Database Access |
| Lizardsystems–Terminal Services Manager | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard. | 2026-04-22 | 8.4 | CVE-2018-25259 | ExploitDB-46058 Official Product Homepage VulnCheck Advisory: Terminal Services Manager 3.1 Buffer Overflow SEH |
| Magix–MAGIX Music Editor | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu’s FreeDB Proxy Options, and trigger code execution when settings are accepted. | 2026-04-22 | 8.4 | CVE-2018-25260 | ExploitDB-46056 Official Product Homepage Product Reference VulnCheck Advisory: MAGIX Music Editor 3.1 Buffer Overflow via SEH |
| Iperiusbackup–Iperius Backup | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can crea […] |