Total
4449 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6385 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.1 MEDIUM | N/A |
| The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors. | |||||
| CVE-2013-4376 | 1 X2go | 1 X2go Server | 2025-04-11 | 7.5 HIGH | N/A |
| The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl. | |||||
| CVE-2013-0810 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-11 | 9.3 HIGH | 8.1 HIGH |
| Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability." | |||||
| CVE-2012-0394 | 1 Apache | 1 Struts | 2025-04-11 | 6.8 MEDIUM | N/A |
| The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself. | |||||
| CVE-2010-3759 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-11 | 10.0 HIGH | N/A |
| FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058. | |||||
| CVE-2012-4008 | 1 Cybozu | 1 Cybozu Live | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | |||||
| CVE-2012-0011 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." | |||||
| CVE-2010-4732 | 1 Intellicom | 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more | 2025-04-11 | 9.0 HIGH | N/A |
| cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463. | |||||
| CVE-2009-4509 | 1 Vsecurity | 1 Tandberg Video Communication Server | 2025-04-11 | 10.0 HIGH | N/A |
| The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header. | |||||
| CVE-2010-1927 | 1 Openmairie | 1 Opencourrier | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0136 | 1 Microsoft | 1 Visio Viewer | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138. | |||||
| CVE-2013-3131 | 1 Microsoft | 2 .net Framework, Silverlight | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability." | |||||
| CVE-2012-4427 | 1 Gnome | 1 Gnome-shell | 2025-04-11 | 6.8 MEDIUM | N/A |
| The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page. | |||||
| CVE-2010-1934 | 1 Openmairie | 1 Openplanning | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) categorie.class.php, (2) profil.class.php, (3) collectivite.class.php, (4) ressource.class.php, (5) droit.class.php, (6) utilisateur.class.php, and (7) planning.class.php in obj/. | |||||
| CVE-2012-1933 | 1 Sourcefabric | 1 Newscoop | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php. | |||||
| CVE-2009-3737 | 2 Microsoft, Oracle | 2 Internet Explorer, Siebel Option Pack Ie Activex Control | 2025-04-11 | 9.3 HIGH | N/A |
| The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2011-4260 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. | |||||
| CVE-2014-1670 | 1 Microsoft | 1 Bing | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. | |||||
| CVE-2012-0182 | 1 Microsoft | 1 Word | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability." | |||||
| CVE-2012-4048 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-11 | 3.3 LOW | N/A |
| The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. | |||||