Total
4662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1247 | 1 Microsoft | 1 Excel | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249. | |||||
| CVE-2013-1966 | 1 Apache | 1 Struts | 2025-04-11 | 9.3 HIGH | N/A |
| Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. | |||||
| CVE-2010-3808 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | |||||
| CVE-2009-4646 | 1 Accellion | 1 Secure File Transfer Appliance | 2025-04-11 | 9.0 HIGH | N/A |
| Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string. | |||||
| CVE-2011-0386 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2025-04-11 | 9.3 HIGH | N/A |
| The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739. | |||||
| CVE-2012-2990 | 1 Samsung | 1 Kies | 2025-04-11 | 9.3 HIGH | N/A |
| The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document. | |||||
| CVE-2013-5093 | 1 Graphite Project | 1 Graphite | 2025-04-11 | 6.8 MEDIUM | N/A |
| The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | |||||
| CVE-2010-1880 | 1 Microsoft | 6 Directx, Windows 2000, Windows 2003 Server and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability." | |||||
| CVE-2011-4639 | 1 Spamtitan | 1 Webtitan | 2025-04-11 | 6.5 MEDIUM | N/A |
| The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence. | |||||
| CVE-2010-4943 | 1 Brothersoft | 1 Saurus Cms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. | |||||
| CVE-2011-2585 | 1 Cisco | 1 Show And Share | 2025-04-11 | 6.5 MEDIUM | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. | |||||
| CVE-2010-3913 | 1 Transware | 1 Active\! Mail | 2025-04-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2013-6830 | 1 Pineapp | 1 Mail-secure 5099sk | 2025-04-11 | 7.5 HIGH | N/A |
| admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation. | |||||
| CVE-2012-0175 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | 8.8 HIGH |
| The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability." | |||||
| CVE-2010-4914 | 1 Deltascripts | 1 Php Classifieds | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter. | |||||
| CVE-2010-0755 | 1 Wikyblog | 1 Wikyblog | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter. | |||||
| CVE-2010-1121 | 1 Mozilla | 1 Firefox | 2025-04-11 | 10.0 HIGH | N/A |
| Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. | |||||
| CVE-2014-1202 | 2 Eviware, Smartbear | 2 Soapui, Soapui | 2025-04-11 | 9.3 HIGH | N/A |
| The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | |||||
| CVE-2010-3215 | 1 Microsoft | 2 Office, Word | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability." | |||||
| CVE-2012-5224 | 1 Vbadvanced | 1 Vbadvanced Cmps | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter. | |||||