Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-494

CWE-494

Medium likelihood

Download of Code Without Integrity Check

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

204 vulnerabilities with CWE-494

CVE-2020-1452 HIGH

SharePoint Enterprise Server and Foundation - Remote Code Execution via Application Package Upload

CVE-2020-1210 CRITICAL

Microsoft SharePoint - Remote Code Execution via Crafted Application Package

CVE-2020-1200 HIGH

Microsoft SharePoint - Remote Code Execution via Application Package Source Markup

CVE-2020-7831 HIGH

inogard ebiz4u - Directory Traversal and Arbitrary File Download via Startup Menu

CVE-2020-7817 MEDIUM

k_upload < 6.2.2018.529 - Arbitrary File Download via Setup.inf

CVE-2020-5772 HIGH

Teltonika TRB2_R_00.02.04.01 - Privilege Escalation

CVE-2020-10926 HIGH

NETGEAR R6700 V1.0.4.84_10.0.58 - RCE

CVE-2020-4125 HIGH

HCL Marketing Operations 9.1.2.4 10.1.x 11.1.0.x - Unauthenticated Arbitrary File Download via Modified Link

CVE-2020-7826 HIGH

EyeSurfer BflyInstallerX.ocx v1.0.0.16 - Code Injection

CVE-2020-7505 HIGH

Schneider-electric Easergy T300 Firmware < 1.5.2 - Download Without Integrity Check

CVE-2020-7812 HIGH

Kaoni ezHTTPTrans < 1.0.0.70 - Remote Code Execution via Ezhttptrans.ocx ActiveX Method

CVE-2020-7813 HIGH

Ezhttptrans.ocx <1.0.0.70 - Code Injection

CVE-2020-9474 HIGH

Siedle SG 150-0 Firmware < 1.2.4 - Remote Code Execution via Backup Functionality

CVE-2020-7806 HIGH

Tobesoft Xplatform <9.2.2.250 - RCE

CVE-2020-5867 HIGH

NGINX Controller Agent <3.3.0 - Info Disclosure

CVE-2020-9759 MEDIUM

LG webOS - Privilege Escalation and Arbitrary File Write via Environment Variable Manipulation

CVE-2020-9751 CRITICAL

Naver Cloud Explorer < 2.2.2.11 - Remote Code Execution via Untrusted Upgrade File Download

CVE-2020-8809 HIGH

Gurux GXDLMS Director <8.5.1905.1301 - RCE

CVE-2020-5398 HIGH

Spring Framework 5.0.0-5.0.15, 5.1.0-5.1.12, 5.2.0-5.2.2 - Reflected File Download via Content-Disposition Header

CVE-2019-19167 HIGH

Tobesoft Nexacro <2019.9.25.1 - RCE

CVE-2019-19166 HIGH

Tobesoft XPlatform <9.2.3 - Code Injection

CVE-2019-19165 HIGH

Inogard Ebiz4u <1.0.5.0 - Code Injection

CVE-2019-3977 HIGH

MikroTik RouterOS < 6.44.5 and < 6.45.6 - Unauthenticated Arbitrary Code Download via Autoupgrade Feature

CVE-2019-9534 HIGH

Cobham EXPLORER 710 <1.07 - Code Injection

CVE-2019-14845 MEDIUM

OpenShift 4.1-4.3 - Man-in-the-Middle Attack via TLS Hostname Verification Bypass

Previous Page 7 of 9 Next

Details

Vulnerabilities 204

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy