Total: 3704 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10548 | 1 Reduce-css-calc Project | 1 Reduce-css-calc | 2024-09-16 | N/A |
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function. | ||||
CVE-2017-1248 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-09-16 | N/A |
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628. | ||||
CVE-2022-21122 | 1 Metarhia | 1 Metacalc | 2024-09-16 | 9 Critical |
The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor. | ||||
CVE-2010-1177 | 1 Apple | 2 Iphone Os, Safari | 2024-09-16 | N/A |
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. | ||||
CVE-2011-4453 | 1 Pmwiki | 1 Pmwiki | 2024-09-16 | N/A |
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function. | ||||
CVE-2019-7580 | 1 Thinkcmf | 1 Thinkcmf | 2024-09-16 | N/A |
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection. | ||||
CVE-2021-39115 | 1 Atlassian | 2 Jira Service Desk, Jira Service Management | 2024-09-16 | 7.2 High |
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. | ||||
CVE-2013-3520 | 1 Vmware | 1 Vcenter Chargeback Manager | 2024-09-16 | N/A |
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2010-4368 | 2 Awstats, Microsoft | 2 Awstats, Windows | 2024-09-16 | N/A |
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. | ||||
CVE-2011-4254 | 1 Realnetworks | 1 Realplayer | 2024-09-16 | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. | ||||
CVE-2013-7362 | 1 Sap | 1 Ccms Agent | 2024-09-16 | N/A |
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
CVE-2013-6829 | 1 Pineapp | 1 Mail-secure | 2024-09-16 | N/A |
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. | ||||
CVE-2013-4830 | 1 Hp | 1 Service Manager | 2024-09-16 | N/A |
HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. | ||||
CVE-2013-2617 | 1 Curl Project | 1 Curl | 2024-09-16 | N/A |
lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
CVE-2008-3442 | 1 Winzip | 1 Winzip | 2024-09-16 | N/A |
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
CVE-2008-3437 | 1 Openoffice | 1 Openoffice.org | 2024-09-16 | N/A |
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
CVE-2013-4203 | 1 Richard Cook | 1 Rgpg | 2024-09-16 | N/A |
The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
CVE-2020-7710 | 1 Safe-eval Project | 1 Safe-eval | 2024-09-16 | 8.1 High |
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. | ||||
CVE-2006-7046 | 1 Clan Manager Pro | 1 Clan Manager Pro | 2024-09-16 | N/A |
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2024-5651 | 1 Redhat | 1 Workload Availability Fence Agents Remediation | 2024-09-16 | 8.8 High |
A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges. |