Total
3705 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2990 | 1 Samsung | 1 Kies | 2024-09-17 | N/A |
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document. | ||||
CVE-2009-3814 | 1 Runcms | 1 Runcms | 2024-09-17 | N/A |
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters. | ||||
CVE-2024-44623 | 1 Tuomoku | 1 Spx Gc | 2024-09-17 | 7.3 High |
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. | ||||
CVE-2023-46055 | 1 Thingnario | 1 Photon | 2024-09-17 | 8.8 High |
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. | ||||
CVE-2012-5304 | 1 Yuriy V Semenikhin | 1 Yvs Image Gallery | 2024-09-17 | N/A |
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. | ||||
CVE-2012-4008 | 1 Cybozu | 1 Cybozu Live | 2024-09-17 | N/A |
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | ||||
CVE-2018-10429 | 1 Cosmocms | 1 Cosmo | 2024-09-17 | N/A |
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php. | ||||
CVE-2020-28464 | 1 Djv Project | 1 Djv | 2024-09-17 | 9.8 Critical |
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine. | ||||
CVE-2011-4337 | 1 Sitracker | 1 Support Incident Tracker | 2024-09-17 | N/A |
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable. | ||||
CVE-2021-23406 | 1 Pac-resolver Project | 1 Pac-resolver | 2024-09-17 | 8.1 High |
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. | ||||
CVE-2013-5942 | 1 Graphite Project | 1 Graphite | 2024-09-17 | N/A |
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093. | ||||
CVE-2012-1625 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2024-09-17 | N/A |
Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information. | ||||
CVE-2007-4913 | 1 Invision Power Services | 1 Invision Power Board | 2024-09-17 | N/A |
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant. | ||||
CVE-2017-0899 | 3 Debian, Redhat, Rubygems | 10 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 7 more | 2024-09-17 | N/A |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. | ||||
CVE-2021-1585 | 1 Cisco | 1 Adaptive Security Device Manager | 2024-09-17 | 7.5 High |
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. | ||||
CVE-2011-4047 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2024-09-17 | N/A |
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. | ||||
CVE-2017-16100 | 1 Dns-sync Project | 1 Dns-sync | 2024-09-17 | N/A |
dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. | ||||
CVE-2011-4203 | 1 Moodle | 1 Moodle | 2024-09-17 | N/A |
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | ||||
CVE-2010-4558 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-09-17 | N/A |
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code. | ||||
CVE-2013-6865 | 1 Sybase | 1 Adaptive Server Enterprise | 2024-09-17 | N/A |
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989. |