Total
4662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0310 | 1 Cogentdatahub | 3 Cascade Datahub, Cogent Datahub, Opc Datahub | 2025-04-11 | 5.8 MEDIUM | N/A |
| CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2013-2115 | 1 Apache | 1 Struts | 2025-04-11 | 9.3 HIGH | 8.1 HIGH |
| Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. | |||||
| CVE-2013-3161 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143. | |||||
| CVE-2010-0988 | 1 Pulsecms | 1 Pulse Cms | 2025-04-11 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php. | |||||
| CVE-2013-1349 | 1 Os4ed | 1 Opensis | 2025-04-11 | 7.5 HIGH | N/A |
| Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. | |||||
| CVE-2010-1256 | 1 Microsoft | 5 Internet Information Server, Windows 2003 Server, Windows 7 and 2 more | 2025-04-11 | 8.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." | |||||
| CVE-2010-2261 | 1 Linksys | 1 Wap54gv3 | 2025-04-11 | 10.0 HIGH | N/A |
| Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | |||||
| CVE-2009-4928 | 1 Sweetphp | 1 Totalcalendar | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055. | |||||
| CVE-2011-3229 | 1 Apple | 1 Safari | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | |||||
| CVE-2012-6329 | 1 Perl | 1 Perl | 2025-04-11 | 7.5 HIGH | N/A |
| The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. | |||||
| CVE-2013-3402 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.5 MEDIUM | N/A |
| An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | |||||
| CVE-2009-4768 | 1 Blizzard | 1 Warcraft 3 The Frozen Throne | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3401 | 1 Microsoft | 3 Windows 7, Windows Vista, Windows Xp | 2025-04-11 | 9.3 HIGH | N/A |
| ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability." | |||||
| CVE-2010-0254 | 1 Microsoft | 1 Visio | 2025-04-11 | 7.6 HIGH | N/A |
| Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." | |||||
| CVE-2011-3504 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 9.3 HIGH | N/A |
| The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2010-1180 | 1 Apple | 2 Iphone Os, Safari | 2025-04-11 | 9.3 HIGH | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | |||||
| CVE-2010-0983 | 1 Utilo | 1 Rezervi | 2025-04-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156. | |||||
| CVE-2012-5537 | 2 Drupal, Simplenews Scheduler Project | 2 Drupal, Simplenews Scheduler | 2025-04-11 | 6.0 MEDIUM | N/A |
| The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron. | |||||
| CVE-2010-3085 | 1 David Shadoff | 1 Mednafen | 2025-04-11 | 10.0 HIGH | N/A |
| The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues. | |||||
| CVE-2010-2618 | 1 Insanevisions | 1 Adapcms | 2025-04-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected. | |||||