Vulnerabilities (CVE)

Filtered by CWE-94
Total 6514 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1675 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
CVE-2015-1645 1 Microsoft 4 Windows 7, Windows Server 2003, Windows Server 2008 and 1 more 2026-06-17 9.3 HIGH N/A
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."
CVE-2015-1635 1 Microsoft 5 Windows 7, Windows 8, Windows 8.1 and 2 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
CVE-2015-1597 1 Siemens 1 Spcanywhere 2026-06-17 6.8 MEDIUM N/A
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.
CVE-2015-1501 1 Solarwinds 1 Server And Application Monitor 2026-06-17 6.8 MEDIUM N/A
The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary.
CVE-2015-1497 1 Persistent Systems 1 Radia Client Automation 2026-06-17 10.0 HIGH N/A
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
CVE-2015-1399 1 Magento 1 Magento 2026-06-17 6.5 MEDIUM N/A
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.
CVE-2015-1311 1 Sap 1 Hana Extended Application Services 2026-06-17 10.0 HIGH N/A
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2015-1061 1 Apple 3 Iphone Os, Mac Os X, Tvos 2026-06-17 9.3 HIGH N/A
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
CVE-2015-1059 1 Insanevisions 1 Adaptcms 2026-06-17 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.
CVE-2015-10009 1 Nonfiction 1 Nterchange 2026-06-17 5.2 MEDIUM 5.5 MEDIUM
A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The patch is named fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187.
CVE-2015-0935 1 Bomgar 1 Remote Support 2026-06-17 7.5 HIGH N/A
Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts.
CVE-2015-0925 1 Ipass 1 Ipass Open Mobile 2026-06-17 9.0 HIGH N/A
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
CVE-2015-0898 1 Futomi 1 Mp Form Mail Cgi 2026-06-17 7.5 HIGH N/A
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.
CVE-2015-0855 1 Pitivi 1 Pitivi 2026-06-17 10.0 HIGH 9.8 CRITICAL
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.
CVE-2015-0845 1 Sixapart 1 Movabletype 2026-06-17 7.5 HIGH N/A
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.
CVE-2015-0279 1 Redhat 1 Richfaces 2026-06-17 6.8 MEDIUM N/A
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
CVE-2015-0249 1 Apache 1 Roller 2026-06-17 6.5 MEDIUM 7.2 HIGH
The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL).
CVE-2015-0093 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 9.3 HIGH N/A
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092.
CVE-2015-0092 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 9.3 HIGH N/A
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093.