Total
4928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4663 | 1 Binarymoon | 2 Timthumb, Wordthumb | 2025-04-12 | 6.8 MEDIUM | N/A |
| TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. | |||||
| CVE-2016-1413 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | |||||
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2025-04-12 | 6.5 MEDIUM | N/A |
| The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | |||||
| CVE-2015-1059 | 1 Insanevisions | 1 Adaptcms | 2025-04-12 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads. | |||||
| CVE-2014-4151 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | 10.0 HIGH | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. | |||||
| CVE-2014-0587 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164. | |||||
| CVE-2014-2044 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. | |||||
| CVE-2014-6335 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability." | |||||
| CVE-2014-8998 | 1 X7chat | 1 X7 Chat | 2025-04-12 | 6.5 MEDIUM | N/A |
| lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | |||||
| CVE-2014-2223 | 1 Plogger | 1 Plogger | 2025-04-12 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/. | |||||
| CVE-2010-4820 | 1 Ghostscript | 1 Ghostscript | 2025-04-12 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. | |||||
| CVE-2016-9862 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | |||||
| CVE-2016-1000003 | 1 Mirror Manager Project | 1 Mirror Manager | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | |||||
| CVE-2012-6143 | 1 Ingy | 1 Spoon | 2025-04-12 | 7.5 HIGH | N/A |
| Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | |||||
| CVE-2013-0204 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 4.6 MEDIUM | N/A |
| settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | |||||
| CVE-2014-3942 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 6.0 MEDIUM | N/A |
| The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. | |||||
| CVE-2012-5649 | 1 Apache | 1 Couchdb | 2025-04-12 | 6.8 MEDIUM | N/A |
| Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | |||||
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | |||||
| CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2025-04-12 | 9.3 HIGH | N/A |
| The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | |||||
| CVE-2013-0724 | 1 Wpshopstyling | 1 Wp-ecommerce-shop-styling | 2025-04-12 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter. | |||||