Total
3568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5488 | 1 Plone | 1 Plone | 2024-02-04 | 5.0 MEDIUM | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | |||||
| CVE-2014-8997 | 1 Digitalvidhya | 1 Digi Online Examination System | 2024-02-04 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | |||||
| CVE-2014-3593 | 1 Scientificlinux | 1 Luci | 2024-02-04 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | |||||
| CVE-2014-8949 | 1 Imember360 | 1 Imember360 | 2024-02-04 | 6.0 MEDIUM | N/A |
| The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. | |||||
| CVE-2012-5485 | 1 Plone | 1 Plone | 2024-02-04 | 6.8 MEDIUM | N/A |
| registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | |||||
| CVE-2014-0585 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590. | |||||
| CVE-2014-0577 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. | |||||
| CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-02-04 | 10.0 HIGH | N/A |
| cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | |||||
| CVE-2014-3805 | 1 Alienvault | 1 Open Source Security Information Management | 2024-02-04 | 10.0 HIGH | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804. | |||||
| CVE-2014-1813 | 1 Microsoft | 1 Web Applications | 2024-02-04 | 8.5 HIGH | N/A |
| Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability." | |||||
| CVE-2013-6948 | 1 Belkin | 1 Wemo Home Automation Firmware | 2024-02-04 | 7.8 HIGH | N/A |
| The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-8998 | 1 X7chat | 1 X7 Chat | 2024-02-04 | 6.5 MEDIUM | N/A |
| lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | |||||
| CVE-2013-1397 | 1 Sensiolabs | 1 Symfony | 2024-02-04 | 7.5 HIGH | N/A |
| Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. | |||||
| CVE-2015-0090 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-04 | 9.3 HIGH | N/A |
| Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093. | |||||
| CVE-2014-1824 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-02-04 | 9.3 HIGH | N/A |
| Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability." | |||||
| CVE-2014-8877 | 1 Creative Minds | 1 Cm Download Manager | 2024-02-04 | 10.0 HIGH | N/A |
| The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | |||||
| CVE-2013-7394 | 1 Splunk | 1 Splunk | 2024-02-04 | 9.0 HIGH | N/A |
| The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-8346 | 1 Samsung | 2 Findmymobile, Mobile | 2024-02-04 | 7.8 HIGH | N/A |
| The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | |||||
| CVE-2014-3176 | 1 Google | 1 Chrome | 2024-02-04 | 10.0 HIGH | N/A |
| Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. | |||||
| CVE-2014-6261 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 9.3 HIGH | N/A |
| Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657. | |||||