Total: 4470 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0635 | 1 Simploo | 1 Simploo Cms | 2025-04-11 | 6.0 MEDIUM | N/A |
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php. | |||||
CVE-2011-1392 | 2 .bbsoftware, Ibm | 2 Bb Flashback, Rational Rhapsody | 2025-04-11 | 9.3 HIGH | N/A |
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-2290 | 1 Emc | 1 Networker Module For Microsoft Applications | 2025-04-11 | 9.3 HIGH | N/A |
The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel. | |||||
CVE-2013-6829 | 1 Pineapp | 1 Mail-secure | 2025-04-11 | 7.5 HIGH | N/A |
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. | |||||
CVE-2010-2186 | 2 Adobe, Macromedia | 3 Air, Flash Player, Flash Player | 2025-04-11 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2011-2964 | 1 Linuxfoundation | 1 Foomatic | 2025-04-11 | 6.8 MEDIUM | N/A |
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697. | |||||
CVE-2011-3378 | 1 Rpm | 1 Rpm | 2025-04-11 | 9.3 HIGH | N/A |
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. | |||||
CVE-2012-2596 | 1 Siemens | 1 Wincc | 2025-04-11 | 5.5 MEDIUM | N/A |
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. | |||||
CVE-2010-1737 | 1 Carlos Eduardo Sotelo Pinto | 1 0.1.0 | 2025-04-11 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter. | |||||
CVE-2011-4237 | 1 Cisco | 2 Ciscoworks Common Services, Prime Lan Management Solution | 2025-04-11 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. | |||||
CVE-2012-0391 | 1 Apache | 1 Struts | 2025-04-11 | 9.3 HIGH | 9.8 CRITICAL |
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. | |||||
CVE-2013-1898 | 1 Digineo | 1 Thumbshooter | 2025-04-11 | 7.5 HIGH | N/A |
lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
CVE-2013-1488 | 1 Oracle | 2 Jdk, Jre | 2025-04-11 | 10.0 HIGH | N/A |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013. | |||||
CVE-2013-3244 | 1 Sap | 1 Erp Central Component | 2025-04-11 | 6.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | |||||
CVE-2012-0295 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 9.3 HIGH | N/A |
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. | |||||
CVE-2013-1491 | 1 Oracle | 2 Jdk, Jre | 2025-04-11 | 10.0 HIGH | N/A |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013. | |||||
CVE-2013-3149 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2010-1272 | 1 Komputer.boo | 1 Gnat-tgp | 2025-04-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
CVE-2010-4410 | 1 Andy Armstrong | 2 Cgi-simple, Cgi.pm | 2025-04-11 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | |||||
CVE-2011-2381 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification. |