Total: 1095 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2015-2180 | 1 Roundcube | 1 Webmail | 2024-08-06 | N/A | The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. |
CVE-2015-1975 | 1 Ibm | 1 Tivoli Directory Server | 2024-08-06 | N/A | The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694. |
CVE-2015-1762 | 1 Microsoft | 1 Sql Server | 2024-08-06 | N/A | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." |
CVE-2015-1592 | 2 Debian, Sixapart | 2 Debian Linux, Movable Type | 2024-08-06 | N/A | Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. |
CVE-2015-1169 | 1 Apereo | 1 Central Authentication Service | 2024-08-06 | N/A | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. |
CVE-2015-0931 | 1 Ektron | 1 Ektron Content Management System | 2024-08-06 | N/A | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue. |
CVE-2015-0169 | 1 Ibm | 1 Security Siteprotector System | 2024-08-06 | N/A | IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. |
CVE-2015-0116 | 1 Ibm | 1 Leads | 2024-08-06 | N/A | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. |
CVE-2016-15004 | 1 Revmakx | 1 Infinitewp Client | 2024-08-06 | 7.3 High | A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
CVE-2016-15007 | 1 Centralized Salesforce Development Framework Project | 1 Centralized Salesforce Development Framework | 2024-08-06 | 5.5 Medium | A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The patch is named db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195. |
CVE-2016-11068 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 5.3 Medium | An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. |
CVE-2016-10847 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A | cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). |
CVE-2016-10845 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A | cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). |
CVE-2016-10801 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A | cPanel before 58.0.4 has improper session handling for shared users (SEC-139). |
CVE-2016-10761 | 1 Logitech | 10 K360, K360 Firmware, K400r and 7 more | 2024-08-06 | N/A | Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. |
CVE-2016-10131 | 1 Codeigniter | 1 Codeigniter | 2024-08-06 | N/A | system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. |
CVE-2016-9832 | 1 Pwc | 1 Ace-advanced Business Application Programming | 2024-08-06 | N/A | PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report. |
CVE-2016-8901 | 1 B2evolution | 1 B2evolution | 2024-08-06 | N/A | b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php. |
CVE-2016-8899 | 1 Exponentcms | 1 Exponent Cms | 2024-08-06 | N/A | Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats. |
CVE-2016-8900 | 1 Exponentcms | 1 Exponent Cms | 2024-08-06 | N/A | Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags. |