Total
3567 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1999 | 1 Fuelphp | 1 Fuelphp | 2024-02-04 | 7.5 HIGH | N/A |
| The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. | |||||
| CVE-2013-1899 | 2 Canonical, Postgresql | 2 Ubuntu Linux, Postgresql | 2024-02-04 | 6.5 MEDIUM | N/A |
| Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). | |||||
| CVE-2013-4438 | 1 Saltstack | 1 Salt | 2024-02-04 | 7.5 HIGH | N/A |
| Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe. | |||||
| CVE-2011-4237 | 1 Cisco | 2 Ciscoworks Common Services, Prime Lan Management Solution | 2024-02-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. | |||||
| CVE-2012-0261 | 1 Op5 | 2 Monitor, System-portal | 2024-02-04 | 10.0 HIGH | N/A |
| license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. | |||||
| CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | |||||
| CVE-2012-1037 | 1 Glpi-project | 1 Glpi | 2024-02-04 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. | |||||
| CVE-2012-4008 | 1 Cybozu | 1 Cybozu Live | 2024-02-04 | 6.8 MEDIUM | N/A |
| The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | |||||
| CVE-2013-4212 | 1 Apache | 1 Roller | 2024-02-04 | 6.8 MEDIUM | N/A |
| Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection." | |||||
| CVE-2012-5223 | 1 Crawlability | 1 Vbseo | 2024-02-04 | 7.5 HIGH | N/A |
| The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch. | |||||
| CVE-2013-4957 | 1 Puppet | 1 Puppet Enterprise | 2024-02-04 | 6.8 MEDIUM | N/A |
| The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type. | |||||
| CVE-2013-3151 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163. | |||||
| CVE-2013-2751 | 1 Netgear | 1 Raidiator | 2024-02-04 | 10.0 HIGH | N/A |
| Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | |||||
| CVE-2012-1878 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability." | |||||
| CVE-2013-4330 | 1 Apache | 1 Camel | 2024-02-04 | 6.8 MEDIUM | N/A |
| Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. | |||||
| CVE-2012-2596 | 1 Siemens | 1 Wincc | 2024-02-04 | 5.5 MEDIUM | N/A |
| The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. | |||||
| CVE-2013-5331 | 4 Adobe, Apple, Linux and 1 more | 6 Air, Air Sdk, Flash Player and 3 more | 2024-02-04 | 9.3 HIGH | N/A |
| Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013. | |||||
| CVE-2012-0439 | 1 Novell | 1 Groupwise | 2024-02-04 | 9.3 HIGH | N/A |
| An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. | |||||
| CVE-2012-2526 | 1 Microsoft | 1 Windows Xp | 2024-02-04 | 9.3 HIGH | N/A |
| The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability." | |||||
| CVE-2012-5304 | 1 Yuriy V Semenikhin | 1 Yvs Image Gallery | 2024-02-04 | 7.5 HIGH | N/A |
| Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. | |||||