Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5224 | 1 Vbadvanced | 1 Vbadvanced Cmps | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.
|
|||||
| CVE-2011-3400 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
|
|||||
| CVE-2012-2290 | 1 Emc | 1 Networker Module For Microsoft Applications | 2025-04-11 | 9.3 HIGH | N/A |
|
The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
|
|||||
| CVE-2010-3909 | 1 Vtiger | 1 Vtiger Crm | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.
|
|||||
| CVE-2010-4964 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2025-04-11 | 9.0 HIGH | N/A |
|
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
|
|||||
| CVE-2012-2174 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | 9.3 HIGH | N/A |
|
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
|
|||||
| CVE-2013-3178 | 1 Microsoft | 1 Silverlight | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability."
|
|||||
| CVE-2013-3148 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.
|
|||||
| CVE-2010-3088 | 2 Jianping Yu, Pidgin | 2 Pidgin-knotify, Pidgin | 2025-04-11 | 5.1 MEDIUM | N/A |
|
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
|
|||||
| CVE-2011-4545 | 1 Prestashop | 1 Prestashop | 2025-04-11 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
|
|||||
| CVE-2013-1637 | 1 Opera | 1 Opera Browser | 2025-04-11 | 9.3 HIGH | N/A |
|
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
|
|||||
| CVE-2012-0295 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 9.3 HIGH | N/A |
|
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.
|
|||||
| CVE-2012-5836 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Seamonkey and 5 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.
|
|||||
| CVE-2013-3079 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 9.0 HIGH | N/A |
|
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.
|
|||||
| CVE-2010-2213 | 1 Adobe | 3 Adobe Air, Flash Player, Flash Player For Linux | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.
|
|||||
| CVE-2014-1202 | 2 Eviware, Smartbear | 2 Soapui, Soapui | 2025-04-11 | 9.3 HIGH | N/A |
|
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
|
|||||
| CVE-2010-4096 | 1 Monkeysphere Project | 1 Monkeysphere | 2025-04-11 | 4.6 MEDIUM | N/A |
|
share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local users to execute arbitrary code via unknown manipulations related to the "monkeysphere-authentication keys-for-user" command.
|
|||||
| CVE-2010-3085 | 1 David Shadoff | 1 Mednafen | 2025-04-11 | 10.0 HIGH | N/A |
|
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.
|
|||||
| CVE-2009-4789 | 2 Joomla, Mojoblog | 2 Joomla, Mojoblog | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.
|
|||||
| CVE-2011-5130 | 1 Haudenschilt | 1 Family Connections Cms | 2025-04-11 | 6.8 MEDIUM | N/A |
|
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
|
|||||
| CVE-2010-2553 | 1 Microsoft | 3 Windows 7, Windows Vista, Windows Xp | 2025-04-11 | 9.3 HIGH | N/A |
|
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."
|
|||||
| CVE-2012-0168 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.6 HIGH | N/A |
|
Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."
|
|||||
| CVE-2010-2789 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.
|
|||||
| CVE-2010-0179 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.1 MEDIUM | N/A |
|
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.
|
|||||
| CVE-2012-5690 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | 9.3 HIGH | N/A |
|
RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.
|
|||||
| CVE-2010-1944 | 1 Openmairie | 1 Opencimetiere | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emp ...
Show More |
|||||
| CVE-2012-0138 | 1 Microsoft | 1 Visio Viewer | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
|
|||||
| CVE-2013-2802 | 1 Sixnet | 2 Rtu Firmware, Udr | 2025-04-11 | 10.0 HIGH | N/A |
|
The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes.
|
|||||
| CVE-2010-1272 | 1 Komputer.boo | 1 Gnat-tgp | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
|
|||||
| CVE-2010-0195 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2011-3413 | 1 Microsoft | 4 Office, Office Compatibility Pack, Powerpoint and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
|
|||||
| CVE-2010-0244 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
|
|||||
| CVE-2010-0019 | 2 Apple, Microsoft | 3 Mac Os X, Silverlight, Windows | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
|
|||||
| CVE-2010-0824 | 1 Microsoft | 2 Excel, Office | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
|
|||||
| CVE-2012-1523 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
|
|||||
| CVE-2010-1251 | 1 Microsoft | 2 Excel, Office | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
|
|||||
| CVE-2013-3146 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.
|
|||||
| CVE-2010-2564 | 1 Microsoft | 1 Windows Movie Maker | 2025-04-11 | 9.3 HIGH | N/A |
|
Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
|
|||||
| CVE-2013-3384 | 1 Cisco | 4 Content Security Management, Email Security Appliance Firmware, Ironport Asyncos and 1 more | 2025-04-11 | 9.0 HIGH | N/A |
|
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug ...
Show More |
|||||
| CVE-2011-1508 | 1 Microsoft | 1 Publisher | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
|
|||||