Total
3704 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45847 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45846 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2010-1120 | 1 Apple | 2 Mac Os X, Safari | 2024-09-16 | N/A |
| Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. | ||||
| CVE-2014-8661 | 1 Sap | 1 Customer Relationship Management Internet Sales | 2024-09-16 | N/A |
| The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2009-0820 | 1 Php.brickhost | 1 Phpscheduleit | 2024-09-16 | N/A |
| Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132. | ||||
| CVE-2018-14579 | 1 Golemcms Project | 1 Golemcms | 2024-09-16 | N/A |
| GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for install/install.sql. | ||||
| CVE-2021-39128 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-09-16 | 7.2 High |
| Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. | ||||
| CVE-2010-1239 | 1 Foxitsoftware | 1 Foxit Reader | 2024-09-16 | N/A |
| Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836. | ||||
| CVE-2009-3362 | 1 Sznews | 1 Sznews | 2024-09-16 | N/A |
| PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | ||||
| CVE-2010-4964 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2024-09-16 | N/A |
| recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | ||||
| CVE-2022-24915 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2024-09-16 | 8 High |
| The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | ||||
| CVE-2017-1001004 | 1 Typed Function Project | 1 Typed Function | 2024-09-16 | N/A |
| typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. | ||||
| CVE-2012-5690 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-09-16 | N/A |
| RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer. | ||||
| CVE-2017-16042 | 1 Growl Project | 1 Growl | 2024-09-16 | N/A |
| Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. | ||||
| CVE-2016-10546 | 1 Pouchdb | 1 Pouchdb | 2024-09-16 | N/A |
| An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. | ||||
| CVE-2009-4789 | 2 Joomla, Mojoblog | 2 Joomla, Mojoblog | 2024-09-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. | ||||
| CVE-2017-1001002 | 1 Mathjs | 1 Math.js | 2024-09-16 | N/A |
| math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. | ||||
| CVE-2009-4646 | 1 Accellion | 1 Secure File Transfer Appliance | 2024-09-16 | N/A |
| Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string. | ||||
| CVE-2012-4884 | 1 Bestpractical | 1 Rt | 2024-09-16 | N/A |
| Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client. | ||||
| CVE-2013-3383 | 1 Cisco | 2 Ironport Asyncos, Web Security Appliance | 2024-09-16 | N/A |
| The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294. | ||||