Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7086 | 1 Webbynode | 1 Webbynode | 2025-04-11 | 7.5 HIGH | N/A |
|
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
|
|||||
| CVE-2013-4330 | 1 Apache | 1 Camel | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
|
|||||
| CVE-2010-2137 | 1 Giaard | 1 Proman | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
|||||
| CVE-2011-4825 | 3 Phpletter, Phpmyfaq, Tinymce | 3 Ajax File And Image Manager, Phpmyfaq, Tinymce | 2025-04-11 | 7.5 HIGH | N/A |
|
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
|
|||||
| CVE-2010-1880 | 1 Microsoft | 6 Directx, Windows 2000, Windows 2003 Server and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
|
|||||
| CVE-2010-2750 | 1 Microsoft | 2 Office, Word | 2025-04-11 | 9.3 HIGH | N/A |
|
Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
|
|||||
| CVE-2010-4367 | 1 Awstats | 1 Awstats | 2025-04-11 | 7.5 HIGH | N/A |
|
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
|
|||||
| CVE-2010-1528 | 1 Uiga | 1 Proxy | 2025-04-11 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
|
|||||
| CVE-2013-0143 | 1 Qnap | 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder | 2025-04-11 | 6.5 MEDIUM | N/A |
|
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
|
|||||
| CVE-2013-5332 | 4 Adobe, Apple, Linux and 1 more | 6 Air, Air Sdk, Flash Player and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
|||||
| CVE-2013-4203 | 1 Richard Cook | 1 Rgpg | 2025-04-11 | 7.5 HIGH | N/A |
|
The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
|
|||||
| CVE-2012-0671 | 1 Apple | 1 Quicktime | 2025-04-11 | 9.3 HIGH | N/A |
|
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
|
|||||
| CVE-2012-1919 | 1 Atmail | 1 Atmail Open | 2025-04-11 | 6.4 MEDIUM | N/A |
|
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
|
|||||
| CVE-2012-0209 | 1 Horde | 2 Groupware, Horde | 2025-04-11 | 7.5 HIGH | N/A |
|
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
|
|||||
| CVE-2013-3133 | 1 Microsoft | 1 .net Framework | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
|
|||||
| CVE-2011-5147 | 1 Freewebshop | 1 Freewebshop | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.
|
|||||
| CVE-2010-1622 | 2 Oracle, Springsource | 2 Fusion Middleware, Spring Framework | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
|
|||||
| CVE-2013-3149 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
|||||
| CVE-2012-0014 | 2 Apple, Microsoft | 9 Mac Os X, .net Framework, Silverlight and 6 more | 2025-04-11 | 9.3 HIGH | 7.8 HIGH |
|
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
|
|||||
| CVE-2010-0252 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
|
|||||
| CVE-2010-0191 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
|
|||||
| CVE-2010-2132 | 1 Danny Ho | 1 Oes | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446.
|
|||||
| CVE-2012-4008 | 1 Cybozu | 1 Cybozu Live | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
|
|||||
| CVE-2012-4791 | 1 Microsoft | 1 Exchange Server | 2025-04-11 | 3.5 LOW | N/A |
|
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
|
|||||
| CVE-2013-5674 | 1 Moodle | 1 Moodle | 2025-04-11 | 7.5 HIGH | N/A |
|
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
|
|||||
| CVE-2010-0245 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
|
|||||
| CVE-2012-4864 | 1 Oreans | 1 Winlicense | 2025-04-11 | 9.3 HIGH | N/A |
|
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
|
|||||
| CVE-2010-0247 | 1 Microsoft | 4 Internet Explorer, Windows 2000, Windows Server 2003 and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
|
|||||
| CVE-2010-1921 | 1 Openmairie | 1 Openannuaire | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) annuaire.class.php, (2) droit.class.php, (3) collectivite.class.php, (4) profil.class.php, (5) direction.class.php, (6) service.class.php, (7) directiongenerale.class.php, and (8) utilisateur.class.php in obj/.
|
|||||
| CVE-2010-3326 | 1 Microsoft | 4 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
|
|||||
| CVE-2010-4988 | 1 Familycms | 1 Family Connections Who Is Chatting | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPL[path] parameter.
|
|||||
| CVE-2010-2771 | 1 Ibm | 1 Soliddb | 2025-04-11 | 10.0 HIGH | N/A |
|
solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet.
|
|||||
| CVE-2012-6329 | 1 Perl | 1 Perl | 2025-04-11 | 7.5 HIGH | N/A |
|
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
|
|||||
| CVE-2012-4707 | 1 3s-software | 1 Codesys Gateway-server | 2025-04-11 | 10.0 HIGH | N/A |
|
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
|
|||||
| CVE-2013-5325 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.
|
|||||
| CVE-2010-0483 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-11 | 7.6 HIGH | N/A |
|
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulne ...
Show More |
|||||
| CVE-2010-4939 | 1 Scripts.bdr130 | 1 Mailform | 2025-04-11 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
|
|||||
| CVE-2012-3355 | 1 Gnome | 1 Rhythmbox | 2025-04-11 | 3.6 LOW | N/A |
|
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
|
|||||
| CVE-2013-3508 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | 6.5 MEDIUM | N/A |
|
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.
|
|||||
| CVE-2010-1360 | 1 Boesch-it | 1 Faqengine | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php.
|
|||||