Vulnerabilities (CVE)

Filtered by CWE-94
Total 6516 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5646 1 Cybozu 1 Garoon 2026-06-17 8.5 HIGH N/A
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
CVE-2015-5644 1 Icz 1 Matchasns 2026-06-17 6.8 MEDIUM N/A
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2015-5643 1 Icz 1 Matchasns 2026-06-17 6.8 MEDIUM N/A
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2015-5603 1 Atlassian 1 Hipchat 2026-06-17 6.5 MEDIUM N/A
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
CVE-2015-5243 1 Phpwhois Project 1 Phpwhois 2026-06-17 7.5 HIGH 9.8 CRITICAL
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
CVE-2015-5242 1 Redhat 1 Gluster Storage 2026-06-17 6.0 MEDIUM N/A
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
CVE-2015-4726 1 Audiosharescript 1 Audioshare 2026-06-17 7.5 HIGH N/A
PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter.
CVE-2015-4338 1 Xcloner 1 Xcloner 2026-06-17 6.5 MEDIUM N/A
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
CVE-2015-3640 1 Phpmybackuppro 1 Phpmybackuppro 2026-06-17 6.0 MEDIUM 7.5 HIGH
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts.
CVE-2015-3638 1 Phpmybackuppro 1 Phpmybackuppro 2026-06-17 6.5 MEDIUM 8.8 HIGH
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.
CVE-2015-3446 1 Alienvault 1 Unified Security Management 2026-06-17 9.3 HIGH N/A
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
CVE-2015-3173 1 Custom Content Type Manager Project 1 Custom Content Type Manager 2026-06-17 6.5 MEDIUM 7.2 HIGH
custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.
CVE-2015-2945 1 H-fj 1 Mt-phpincgi 2026-06-17 7.5 HIGH N/A
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
CVE-2015-2308 1 Sensiolabs 1 Symfony 2026-06-17 6.8 MEDIUM N/A
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
CVE-2015-2252 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2026-06-17 9.3 HIGH 8.8 HIGH
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
CVE-2015-2171 1 Slimframework 1 Slim 2026-06-17 7.5 HIGH N/A
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.
CVE-2015-2079 1 Webmin 1 Usermin 2026-06-17 N/A 9.9 CRITICAL
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
CVE-2015-1699 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.
CVE-2015-1698 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.
CVE-2015-1697 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.