Total
4961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6555 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 8.5 HIGH | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | |||||
| CVE-2013-6469 | 1 Redhat | 2 Jboss Fuse Service Works, Jboss Overlord Run Time Governance | 2025-04-12 | 6.5 MEDIUM | N/A |
| JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-5519 | 1 Phpwiki Project | 1 Phpwiki | 2025-04-12 | 7.5 HIGH | N/A |
| The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6143 | 1 Ingy | 1 Spoon | 2025-04-12 | 7.5 HIGH | N/A |
| Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | |||||
| CVE-2014-3915 | 1 Rocketsoftware | 1 Rocket Servergraph | 2025-04-12 | 10.0 HIGH | N/A |
| The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. | |||||
| CVE-2014-6361 | 1 Microsoft | 2 Excel, Office Compatibility Pack | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability." | |||||
| CVE-2016-9862 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | |||||
| CVE-2014-5194 | 1 Sphider | 1 Sphider | 2025-04-12 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | |||||
| CVE-2014-5158 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | 10.0 HIGH | N/A |
| The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-4663 | 1 Binarymoon | 2 Timthumb, Wordthumb | 2025-04-12 | 6.8 MEDIUM | N/A |
| TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. | |||||
| CVE-2013-4321 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 6.5 MEDIUM | N/A |
| The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250. | |||||
| CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | |||||
| CVE-2016-3153 | 2 Debian, Spip | 2 Debian Linux, Spip | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | |||||
| CVE-2013-1412 | 1 Dleviet | 1 Datalife Engine | 2025-04-12 | 7.5 HIGH | N/A |
| DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | |||||
| CVE-2012-5649 | 1 Apache | 1 Couchdb | 2025-04-12 | 6.8 MEDIUM | N/A |
| Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | |||||
| CVE-2014-2988 | 1 Egroupware | 1 Egroupware | 2025-04-12 | 8.5 HIGH | N/A |
| EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987. | |||||
| CVE-2015-5693 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 7.9 HIGH | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." | |||||
| CVE-2014-0057 | 1 Redhat | 2 Cloudforms, Cloudforms 3.0 Management Engine | 2025-04-12 | 7.5 HIGH | N/A |
| The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors. | |||||
| CVE-2014-9001 | 1 Incrediblepbx | 1 Incredible Pbx 11 | 2025-04-12 | 6.5 MEDIUM | N/A |
| reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. | |||||
| CVE-2012-5488 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | |||||