Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5164 | 2 Kingsoft, Microsoft | 2 Personal Firewall 9, Windows Xp | 2025-04-11 | 6.2 MEDIUM | 5.3 MEDIUM |
|
Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where ...
Show More |
|||||
| CVE-2011-4075 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2025-04-11 | 7.5 HIGH | N/A |
|
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
|
|||||
| CVE-2011-3411 | 1 Microsoft | 1 Publisher | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
|
|||||
| CVE-2013-6830 | 1 Pineapp | 1 Mail-secure 5099sk | 2025-04-11 | 7.5 HIGH | N/A |
|
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
|
|||||
| CVE-2010-4914 | 1 Deltascripts | 1 Php Classifieds | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter.
|
|||||
| CVE-2012-0693 | 1 Whmcs | 1 Whmcompletesolution | 2025-04-11 | 5.0 MEDIUM | N/A |
|
submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong.
|
|||||
| CVE-2010-3205 | 1 Textpattern | 1 Textpattern | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
|
|||||
| CVE-2013-0745 | 4 Canonical, Mozilla, Opensuse and 1 more | 9 Ubuntu Linux, Firefox, Seamonkey and 6 more | 2025-04-11 | 9.3 HIGH | N/A |
|
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.
|
|||||
| CVE-2010-4943 | 1 Brothersoft | 1 Saurus Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
|
|||||
| CVE-2010-2809 | 1 Uzbl | 1 Uzbl | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
|
|||||
| CVE-2012-4049 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-11 | 2.9 LOW | N/A |
|
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
|
|||||
| CVE-2013-2616 | 1 Rubygems | 1 Mini Magick | 2025-04-11 | 7.5 HIGH | N/A |
|
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
|
|||||
| CVE-2010-2163 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2025-04-11 | 9.3 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2012-2522 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."
|
|||||
| CVE-2011-4247 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | 9.3 HIGH | N/A |
|
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.
|
|||||
| CVE-2009-4768 | 1 Blizzard | 1 Warcraft 3 The Frozen Throne | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-3200 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 7.2 HIGH | N/A |
|
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability."
|
|||||
| CVE-2010-2314 | 2 Edmondhui.homeip, Nucleus Group | 2 Np Twitter, Nucleus Cms | 2025-04-11 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-3210 | 1 Martin Lee | 1 Multi-lingual E-commerce System | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/.
|
|||||
| CVE-2009-1571 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
|
|||||
| CVE-2013-1899 | 2 Canonical, Postgresql | 2 Ubuntu Linux, Postgresql | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
|
|||||
| CVE-2010-0966 | 1 Dzcp | 1 Dev\!l\'z Clanportal | 2025-04-11 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
|
|||||
| CVE-2011-0386 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2025-04-11 | 9.3 HIGH | N/A |
|
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.
|
|||||
| CVE-2010-1868 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
|
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.
|
|||||
| CVE-2010-1215 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
|
|||||
| CVE-2010-2626 | 1 Miyabi-seo | 1 Cgi Tools Seo Links | 2025-04-11 | 7.5 HIGH | N/A |
|
index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-7069 | 1 Beyondgrep | 1 Ack | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.
|
|||||
| CVE-2013-0077 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
|
|||||
| CVE-2010-3189 | 1 Trendmicro | 1 Internet Security | 2025-04-11 | 9.3 HIGH | N/A |
|
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
|
|||||
| CVE-2010-1120 | 1 Apple | 2 Mac Os X, Safari | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
|
|||||
| CVE-2013-0618 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-11 | 10.0 HIGH | N/A |
|
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614.
|
|||||
| CVE-2010-1978 | 1 Freephpblogsoftware | 1 Freephpblogsoftware | 2025-04-11 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-2991 | 1 Citrix | 1 Online Plug-in For Windows For Xenapp \& Xendesktop | 2025-04-11 | 9.3 HIGH | N/A |
|
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
|
|||||
| CVE-2013-2035 | 1 Redhat | 1 Hawtjni | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
|
|||||
| CVE-2010-0248 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | 8.1 HIGH |
|
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
|
|||||
| CVE-2013-3520 | 1 Vmware | 1 Vcenter Chargeback Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2010-4924 | 1 Clearbudget | 1 Clearbudget | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party
|
|||||
| CVE-2013-5331 | 4 Adobe, Apple, Linux and 1 more | 6 Air, Air Sdk, Flash Player and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
|
|||||
| CVE-2013-3145 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3150.
|
|||||
| CVE-2011-3828 | 1 Sunplus-tech | 1 Dvr Remote Activex Control | 2025-04-11 | 9.3 HIGH | N/A |
|
DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.
|
|||||