Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | |||||
| CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2025-04-12 | 9.3 HIGH | N/A |
| The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | |||||
| CVE-2013-0724 | 1 Wpshopstyling | 1 Wp-ecommerce-shop-styling | 2025-04-12 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter. | |||||
| CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2025-04-12 | 7.5 HIGH | N/A |
| An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2014-3915 | 1 Rocketsoftware | 1 Rocket Servergraph | 2025-04-12 | 10.0 HIGH | N/A |
| The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. | |||||
| CVE-2013-1756 | 2 Mark Evans, Ruby On Rails | 2 Dragonfly Gem, Ruby On Rails | 2025-04-12 | 7.5 HIGH | N/A |
| The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2014-2089 | 1 Ilias | 1 Ilias | 2025-04-12 | 6.8 MEDIUM | N/A |
| ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | |||||
| CVE-2014-0248 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Web Framework Kit | 2025-04-12 | 6.8 MEDIUM | N/A |
| org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. | |||||
| CVE-2014-3399 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.5 MEDIUM | N/A |
| The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208. | |||||
| CVE-2014-1691 | 1 Horde | 1 Horde Application Framework | 2025-04-12 | 7.5 HIGH | N/A |
| The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | |||||
| CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2025-04-12 | 10.0 HIGH | 10.0 CRITICAL |
| HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2015-1311 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | 10.0 HIGH | N/A |
| The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2014-1806 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 10.0 HIGH | N/A |
| The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." | |||||
| CVE-2014-6433 | 1 Gopro | 2 Gopro Hero, Gopro Hero Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action. | |||||
| CVE-2014-5158 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | 10.0 HIGH | N/A |
| The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-5036 | 1 Squash | 1 Square Squash | 2025-04-12 | 7.5 HIGH | N/A |
| The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb. | |||||
| CVE-2014-3453 | 1 Flag Module Project | 1 Flag | 2025-04-12 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page. | |||||
| CVE-2014-2988 | 1 Egroupware | 1 Egroupware | 2025-04-12 | 8.5 HIGH | N/A |
| EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987. | |||||
| CVE-2014-4767 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 6.5 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-6119 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2025-04-12 | 9.3 HIGH | N/A |
| IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive. | |||||