Total
3865 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7691 | 1 Sap | 1 Trex | 2024-08-05 | N/A |
| A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | ||||
| CVE-2017-7625 | 1 Fiyo | 1 Fiyo Cms | 2024-08-05 | N/A |
| In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | ||||
| CVE-2017-7570 | 1 Pivotx | 1 Pivotx | 2024-08-05 | N/A |
| PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | ||||
| CVE-2017-7494 | 3 Debian, Redhat, Samba | 9 Debian Linux, Enterprise Linux, Rhel Aus and 6 more | 2024-08-05 | 9.8 Critical |
| Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | ||||
| CVE-2017-7465 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd | 2024-08-05 | N/A |
| It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability. | ||||
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2024-08-05 | N/A |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | ||||
| CVE-2017-7402 | 1 Lucidcrew | 1 Pixie | 2024-08-05 | N/A |
| Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | ||||
| CVE-2017-7324 | 1 Modx | 1 Modx Revolution | 2024-08-05 | 9.8 Critical |
| setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | ||||
| CVE-2017-7321 | 1 Modx | 1 Modx Revolution | 2024-08-05 | 9.8 Critical |
| setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | ||||
| CVE-2017-6455 | 1 Ntp | 1 Ntp | 2024-08-05 | N/A |
| NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | ||||
| CVE-2017-6325 | 1 Symantec | 1 Messaging Gateway | 2024-08-05 | N/A |
| The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. | ||||
| CVE-2017-6186 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-08-05 | N/A |
| Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | ||||
| CVE-2017-5543 | 1 Intelliants | 1 Subrion | 2024-08-05 | N/A |
| includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | ||||
| CVE-2017-4964 | 1 Cloudfoundry | 1 Bosh Azure Cpi | 2024-08-05 | 8.8 High |
| Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | ||||
| CVE-2017-3907 | 1 Mcafee | 1 Mcafee Threat Intelligence Exchange | 2024-08-05 | N/A |
| Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | ||||
| CVE-2017-2968 | 1 Adobe | 1 Campaign | 2024-08-05 | N/A |
| Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | ||||
| CVE-2018-1000865 | 2 Jenkins, Redhat | 3 Script Security, Openshift, Openshift Container Platform | 2024-08-05 | N/A |
| A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed. | ||||
| CVE-2018-1000866 | 2 Jenkins, Redhat | 3 Pipeline\, Openshift, Openshift Container Platform | 2024-08-05 | N/A |
| A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM | ||||
| CVE-2018-1000070 | 1 Bitmessage | 1 Pybitmessage | 2024-08-05 | N/A |
| Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains a Eval injection vulnerability in main program, file src/messagetypes/__init__.py function constructObject that can result in Code Execution. This attack appears to be exploitable via remote attacker using a malformed message which must be processed by the victim - e.g. arrive from any sender on bitmessage network. This vulnerability appears to have been fixed in v0.6.3. | ||||
| CVE-2018-21005 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2024-08-05 | N/A |
| The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | ||||