Total: 1095 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-3750 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. | ||||
CVE-2005-3056 | 1 Twiki | 1 Twiki | 2024-08-07 | 9.8 Critical |
TWiki allows arbitrary shell command execution via the Include function | ||||
CVE-2005-3007 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content. | ||||
CVE-2024-34448 | | | 2024-08-07 | 8.8 High |
Ghost before 5.82.0 allows CSV Injection during a member CSV export. | ||||
CVE-2022-31102 | 1 Argoproj | 1 Argo Cd | 2024-08-07 | 2.6 Low |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the `/auth/callback` page in a victim's browser. This vulnerability only affects Argo CD instances which have single sign on (SSO) enabled. The exploit also assumes the attacker has 1) access to the API server's encryption key, 2) a method to add a cookie to the victim's browser, and 3) the ability to convince the victim to visit a malicious `/auth/callback` link. The vulnerability is classified as low severity because access to the API server's encryption key already grants a high level of access. Exploiting the XSS would allow the attacker to impersonate the victim, but would not grant any privileges which the attacker could not otherwise gain using the encryption key. A patch for this vulnerability has been released in the following Argo CD versions 2.4.5 and 2.3.6. There is currently no known workaround. | ||||
CVE-2007-4190 | 1 Joomla | 1 Joomla! | 2024-08-07 | N/A |
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-0456 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-08-07 | N/A |
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. | ||||
CVE-2009-1781 | 1 Frax | 1 Php Recommend | 2024-08-07 | N/A |
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter. | ||||
CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-07 | 7.8 High |
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | ||||
CVE-2010-4658 | 1 Status | 1 Statusnet | 2024-08-07 | 5.3 Medium |
statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | ||||
CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 7.5 High |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | ||||
CVE-2011-4558 | 1 Tiki | 1 Tiki | 2024-08-07 | 7.2 High |
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | ||||
CVE-2011-3624 | 1 Ruby-lang | 1 Ruby | 2024-08-06 | 5.3 Medium |
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | ||||
CVE-2011-2855 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2024-08-06 | N/A |
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | ||||
CVE-2011-2805 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2024-08-06 | N/A |
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. | ||||
CVE-2011-2717 | 2 Linux, Redhat | 2 Dhcp6c, Enterprise Linux | 2024-08-06 | 9.8 Critical |
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | ||||
CVE-2011-2538 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-08-06 | 7.2 High |
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. | ||||
CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2024-08-06 | 7.2 High |
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | ||||
CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2024-08-06 | 9.8 Critical |
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | ||||
CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2024-08-06 | 8.8 High |
Local file inclusion in WebCalendar before 1.2.5. |