Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8778 | 1 Checkmarx | 1 Cxsast | 2025-04-12 | 9.0 HIGH | N/A |
|
Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission.
|
|||||
| CVE-2014-2720 | 1 Izarc | 1 Izarc | 2025-04-12 | 6.8 MEDIUM | N/A |
|
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header.
|
|||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors.
|
|||||
| CVE-2012-5649 | 1 Apache | 1 Couchdb | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
|
|||||
| CVE-2014-0233 | 1 Redhat | 1 Openshift | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
|
|||||
| CVE-2015-1695 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
|
|||||
| CVE-2014-6361 | 1 Microsoft | 2 Excel, Office Compatibility Pack | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."
|
|||||
| CVE-2014-8458 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
|
|||||
| CVE-2014-6360 | 1 Microsoft | 2 Excel, Office Compatibility Pack | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability."
|
|||||
| CVE-2014-3541 | 1 Moodle | 1 Moodle | 2025-04-12 | 7.5 HIGH | N/A |
|
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
|
|||||
| CVE-2014-3593 | 1 Scientificlinux | 1 Luci | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
|
|||||
| CVE-2015-5647 | 1 Cybozu | 1 Garoon | 2025-04-12 | 8.5 HIGH | N/A |
|
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
|
|||||
| CVE-2014-0111 | 1 Apache | 1 Syncope | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
|
|||||
| CVE-2015-5687 | 1 Anchorcms | 1 Anchor Cms | 2025-04-12 | 7.5 HIGH | N/A |
|
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
|
|||||
| CVE-2014-1979 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.
|
|||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2025-04-12 | 7.2 HIGH | N/A |
|
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2015-1061 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 9.3 HIGH | N/A |
|
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
|
|||||
| CVE-2014-1613 | 1 Dotclear | 1 Dotclear | 2025-04-12 | 7.5 HIGH | N/A |
|
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.
|
|||||
| CVE-2015-1399 | 1 Magento | 1 Magento | 2025-04-12 | 6.5 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.
|
|||||
| CVE-2014-8949 | 1 Imember360 | 1 Imember360 | 2025-04-12 | 6.0 MEDIUM | N/A |
|
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
|
|||||
| CVE-2015-5721 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
|
|||||
| CVE-2014-2223 | 1 Plogger | 1 Plogger | 2025-04-12 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
|
|||||
| CVE-2013-1397 | 1 Sensiolabs | 1 Symfony | 2025-04-12 | 7.5 HIGH | N/A |
|
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
|
|||||
| CVE-2015-2308 | 1 Sensiolabs | 1 Symfony | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
|
|||||
| CVE-2014-8081 | 1 Testlink | 1 Testlink | 2025-04-12 | 7.5 HIGH | N/A |
|
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
|
|||||
| CVE-2014-2331 | 1 Check Mk Project | 1 Check Mk | 2025-04-12 | 8.5 HIGH | N/A |
|
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
|
|||||
| CVE-2014-2177 | 1 Cisco | 7 Rv120w, Rv120w Firmware, Rv180 and 4 more | 2025-04-12 | 9.0 HIGH | N/A |
|
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
|
|||||
| CVE-2014-0586 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590.
|
|||||
| CVE-2016-1986 | 1 Hp | 1 Continuous Delivery Automation | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
|
|||||
| CVE-2014-0472 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2025-04-12 | 5.1 MEDIUM | N/A |
|
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
|
|||||
| CVE-2014-3910 | 1 Emurasoft | 1 Emftp | 2025-04-12 | 4.4 MEDIUM | N/A |
|
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension.
|
|||||
| CVE-2011-2702 | 1 Gnu | 2 Eglibc, Glibc | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
|
|||||
| CVE-2014-2208 | 1 Facebook | 1 Hiphop Virtual Machine | 2025-04-12 | 7.5 HIGH | N/A |
|
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.
|
|||||
| CVE-2014-3399 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.5 MEDIUM | N/A |
|
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208.
|
|||||
| CVE-2014-1806 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 10.0 HIGH | N/A |
|
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."
|
|||||
| CVE-2016-7954 | 1 Bundler | 1 Bundler | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
|
|||||
| CVE-2014-6261 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 9.3 HIGH | N/A |
|
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
|
|||||
| CVE-2014-1824 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
|
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability."
|
|||||
| CVE-2014-8445 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
|
|||||
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2025-04-12 | 6.5 MEDIUM | N/A |
|
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
|
|||||