Vulnerabilities (CVE)

Filtered by CWE-94
Total 6444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1646 1 Cisco 4 Rvs4000, Rvs4000 Software, Wrvs4400n and 1 more 2026-06-16 9.0 HIGH N/A
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
CVE-2011-1508 1 Microsoft 1 Publisher 2026-06-16 9.3 HIGH N/A
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
CVE-2011-1392 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2026-06-16 9.3 HIGH N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-1391 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2026-06-16 9.3 HIGH N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-1388 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2026-06-16 9.3 HIGH N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-1265 2 Bluetooth, Microsoft 3 Bluetooth Stack, Windows 7, Windows Vista 2026-06-16 8.3 HIGH 8.8 HIGH
The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
CVE-2011-10019 1 Spreecommerce 1 Spree 2026-06-16 N/A 9.8 CRITICAL
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
CVE-2011-10018 1 Mybb 1 Mybb 2026-06-16 N/A 9.8 CRITICAL
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.
CVE-2011-10013 2026-06-16 N/A N/A
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
CVE-2011-10011 2026-06-16 N/A N/A
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
CVE-2011-0635 1 Simploo 1 Simploo Cms 2026-06-16 6.0 MEDIUM N/A
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
CVE-2011-0554 1 Symantec 1 Im Manager 2026-06-16 7.5 HIGH N/A
The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue."
CVE-2011-0487 1 Icq 1 Icq 2026-06-16 9.3 HIGH N/A
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
CVE-2011-0469 1 Suse 1 Opensuse 2026-06-16 9.0 HIGH 9.8 CRITICAL
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.
CVE-2011-0386 1 Cisco 2 Telepresence Recording Server, Telepresence Recording Server Software 2026-06-16 9.3 HIGH N/A
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.
CVE-2011-0364 1 Cisco 1 Security Agent 2026-06-16 10.0 HIGH N/A
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
CVE-2011-0224 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 6.8 MEDIUM N/A
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
CVE-2011-0093 1 Microsoft 1 Visio 2026-06-16 9.3 HIGH N/A
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
CVE-2011-0092 1 Microsoft 1 Visio 2026-06-16 9.3 HIGH N/A
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
CVE-2011-0084 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-06-16 10.0 HIGH N/A
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."