Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6335 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."
|
|||||
| CVE-2016-3154 | 1 Spip | 1 Spip | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
|
|||||
| CVE-2015-0925 | 1 Ipass | 1 Ipass Open Mobile | 2025-04-12 | 9.0 HIGH | N/A |
|
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
|
|||||
| CVE-2014-3545 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
|
|||||
| CVE-2016-7787 | 2 Kde, Opensuse | 3 Kde-cli-tools, Leap, Opensuse | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
|
|||||
| CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
|
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
|
|||||
| CVE-2014-8447 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
|
|||||
| CVE-2014-1769 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
|
|||||
| CVE-2014-8791 | 1 Enalean | 1 Tuleap | 2025-04-12 | 6.0 MEDIUM | N/A |
|
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
|
|||||
| CVE-2015-5693 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 7.9 HIGH | N/A |
|
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."
|
|||||
| CVE-2015-0935 | 1 Bomgar | 1 Remote Support | 2025-04-12 | 7.5 HIGH | N/A |
|
Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts.
|
|||||
| CVE-2014-2027 | 1 Egroupware | 1 Egroupware | 2025-04-12 | 7.5 HIGH | N/A |
|
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.
|
|||||
| CVE-2014-6334 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."
|
|||||
| CVE-2014-3942 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 6.0 MEDIUM | N/A |
|
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
|
|||||
| CVE-2016-5734 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
|
|||||
| CVE-2012-5495 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
|
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
|
|||||
| CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2025-04-12 | 9.3 HIGH | N/A |
|
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
|
|||||
| CVE-2014-2936 | 1 Caldera | 1 Caldera | 2025-04-12 | 7.5 HIGH | N/A |
|
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.
|
|||||
| CVE-2012-5493 | 1 Plone | 1 Plone | 2025-04-12 | 8.5 HIGH | N/A |
|
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
|
|||||
| CVE-2013-7034 | 1 Livezilla | 1 Livezilla | 2025-04-12 | 7.5 HIGH | N/A |
|
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
|
|||||
| CVE-2013-1756 | 2 Mark Evans, Ruby On Rails | 2 Dragonfly Gem, Ruby On Rails | 2025-04-12 | 7.5 HIGH | N/A |
|
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
|
|||||
| CVE-2015-5644 | 1 Icz | 1 Matchasns | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
|
|||||
| CVE-2014-1774 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1788 and CVE-2014-2754.
|
|||||
| CVE-2013-6469 | 1 Redhat | 2 Jboss Fuse Service Works, Jboss Overlord Run Time Governance | 2025-04-12 | 6.5 MEDIUM | N/A |
|
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2014-8461 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158.
|
|||||
| CVE-2012-2301 | 1 Ubercart | 1 Ubercart | 2025-04-12 | 6.0 MEDIUM | N/A |
|
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
|
|||||
| CVE-2014-2089 | 1 Ilias | 1 Ilias | 2025-04-12 | 6.8 MEDIUM | N/A |
|
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
|
|||||
| CVE-2014-4151 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | 10.0 HIGH | N/A |
|
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
|
|||||
| CVE-2014-6298 | 1 Mm Forum Project | 1 Mm Forum | 2025-04-12 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
|
|||||
| CVE-2013-1348 | 1 Sensiolabs | 1 Symfony | 2025-04-12 | 7.5 HIGH | N/A |
|
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
|
|||||
| CVE-2014-5194 | 1 Sphider | 1 Sphider | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
|
|||||
| CVE-2013-1412 | 1 Dleviet | 1 Datalife Engine | 2025-04-12 | 7.5 HIGH | N/A |
|
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
|
|||||
| CVE-2014-3176 | 1 Google | 1 Chrome | 2025-04-12 | 10.0 HIGH | N/A |
|
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.
|
|||||
| CVE-2014-3829 | 1 Merethis | 2 Centreon, Centreon Enterprise Server | 2025-04-12 | 10.0 HIGH | N/A |
|
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
|
|||||
| CVE-2014-8636 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | 7.5 HIGH | N/A |
|
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
|
|||||
| CVE-2014-5324 | 1 Najeebmedia | 1 N-media File Uploader | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
|
|||||
| CVE-2016-7109 | 1 Huawei | 1 Uma | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
|
|||||
| CVE-2012-5485 | 1 Plone | 1 Plone | 2025-04-12 | 6.8 MEDIUM | N/A |
|
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
|
|||||
| CVE-2015-0279 | 1 Redhat | 1 Richfaces | 2025-04-12 | 6.8 MEDIUM | N/A |
|
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
|
|||||
| CVE-2015-1696 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
|
|||||