Vulnerabilities (CVE)

Filtered by CWE-94
Total 4662 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9266 1 Samsung 1 Smart Viewer 2025-04-12 6.8 MEDIUM N/A
The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-5493 1 Plone 1 Plone 2025-04-12 8.5 HIGH N/A
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
CVE-2013-7034 1 Livezilla 1 Livezilla 2025-04-12 7.5 HIGH N/A
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
CVE-2015-0898 1 Futomi 1 Mp Form Mail Cgi 2025-04-12 7.5 HIGH N/A
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.
CVE-2015-1061 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 9.3 HIGH N/A
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
CVE-2014-0584 4 Adobe, Apple, Linux and 1 more 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more 2025-04-12 10.0 HIGH N/A
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590.
CVE-2016-7787 2 Kde, Opensuse 3 Kde-cli-tools, Leap, Opensuse 2025-04-12 4.0 MEDIUM 4.9 MEDIUM
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
CVE-2015-4338 1 Xcloner 1 Xcloner 2025-04-12 6.5 MEDIUM N/A
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
CVE-2015-2945 1 H-fj 1 Mt-phpincgi 2025-04-12 7.5 HIGH N/A
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
CVE-2014-0472 2 Canonical, Djangoproject 2 Ubuntu Linux, Django 2025-04-12 5.1 MEDIUM N/A
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
CVE-2012-5495 1 Plone 1 Plone 2025-04-12 5.0 MEDIUM N/A
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
CVE-2014-7205 1 Bassmaster Project 1 Bassmaster 2025-04-12 10.0 HIGH N/A
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
CVE-2014-8778 1 Checkmarx 1 Cxsast 2025-04-12 9.0 HIGH N/A
Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission.
CVE-2015-1699 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2025-04-12 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.
CVE-2015-5643 1 Icz 1 Matchasns 2025-04-12 6.8 MEDIUM N/A
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2014-4672 1 Yiiframework 1 Yiiframework 2025-04-12 7.5 HIGH N/A
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
CVE-2014-2936 1 Caldera 1 Caldera 2025-04-12 7.5 HIGH N/A
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.
CVE-2016-1986 1 Hp 1 Continuous Delivery Automation 2025-04-12 7.5 HIGH 9.8 CRITICAL
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVE-2014-2051 1 Owncloud 1 Owncloud Server 2025-04-12 7.5 HIGH N/A
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
CVE-2014-7260 1 Ultrapop 1 I-httpd 2025-04-12 7.5 HIGH N/A
The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives.