Total
5668 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36568 | 1 Mayurik | 1 Gas Agency Management System | 2025-04-11 | N/A | 9.8 CRITICAL |
| Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. | |||||
| CVE-2024-41304 | 1 Wondercms | 1 Wondercms | 2025-04-11 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
| CVE-2024-42634 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-11 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges. | |||||
| CVE-2024-30878 | 1 Rageframe | 1 Rageframe | 2025-04-11 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | |||||
| CVE-2011-2386 | 1 Visiwave | 1 Site Survey | 2025-04-11 | 9.3 HIGH | N/A |
| VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference. | |||||
| CVE-2013-2121 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | |||||
| CVE-2013-2817 | 1 Mitsubishielectric | 1 Mc-worx Suite | 2025-04-11 | 9.3 HIGH | N/A |
| An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. | |||||
| CVE-2010-5040 | 2 John Bradshaw, Nucleuscms | 2 Np Gallery Plugin, Nucleus | 2025-04-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2809 | 1 Uzbl | 1 Uzbl | 2025-04-11 | 6.8 MEDIUM | N/A |
| The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | |||||
| CVE-2010-1259 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2011-4257 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | 9.3 HIGH | N/A |
| The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | |||||
| CVE-2012-5293 | 1 Redgraphic | 1 Sapid Cms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php. | |||||
| CVE-2010-1901 | 1 Microsoft | 5 Office, Office Compatibility Pack, Office Word Viewer and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability." | |||||
| CVE-2011-0084 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 10.0 HIGH | N/A |
| The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | |||||
| CVE-2013-1899 | 2 Canonical, Postgresql | 2 Ubuntu Linux, Postgresql | 2025-04-11 | 6.5 MEDIUM | N/A |
| Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). | |||||
| CVE-2013-0618 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614. | |||||
| CVE-2012-0019 | 1 Microsoft | 1 Visio Viewer | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. | |||||
| CVE-2010-1342 | 1 Directnews | 1 Direct News | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4884 | 1 Hinnendahl | 1 Gaestebuch | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2010-3228 | 1 Microsoft | 6 .net Framework, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." | |||||