Total
3705 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-23344 | 1 Totaljs | 1 Total.js | 2024-09-17 | 9.8 Critical |
The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set. | ||||
CVE-2011-0469 | 1 Suse | 1 Opensuse | 2024-09-17 | N/A |
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | ||||
CVE-2012-5537 | 2 Drupal, Simplenews Scheduler Project | 2 Drupal, Simplenews Scheduler | 2024-09-17 | N/A |
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron. | ||||
CVE-2022-24429 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2024-09-17 | 7.5 High |
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. | ||||
CVE-2017-1242 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-09-17 | N/A |
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524. | ||||
CVE-2002-2319 | 1 Mysimplenews | 1 Mysimplenews | 2024-09-17 | N/A |
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3. | ||||
CVE-2010-1153 | 1 Typo3 | 1 Typo3 | 2024-09-17 | N/A |
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. | ||||
CVE-2010-3761 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-09-17 | N/A |
Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-700. NOTE: this might overlap CVE-2010-3058 or CVE-2010-3059. | ||||
CVE-2010-0103 | 1 Energizer | 1 Duo Usb | 2024-09-17 | N/A |
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. | ||||
CVE-2011-4251 | 1 Realnetworks | 1 Realplayer | 2024-09-17 | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file. | ||||
CVE-2009-5097 | 1 Hp | 1 Palm Pre Webos | 2024-09-17 | N/A |
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | ||||
CVE-2012-0439 | 1 Novell | 1 Groupwise | 2024-09-17 | N/A |
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. | ||||
CVE-2014-8770 | 1 Magmi Project | 1 Magmi | 2024-09-17 | N/A |
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/. | ||||
CVE-2021-29679 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 8.8 High |
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915. | ||||
CVE-2013-2615 | 1 Rubygems | 1 Fastreader | 2024-09-17 | N/A |
lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
CVE-2012-4143 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2024-09-17 | N/A |
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. | ||||
CVE-2015-9272 | 1 Videowhisper | 1 Video Presentation | 2024-09-17 | N/A |
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | ||||
CVE-2013-3508 | 1 Gwos | 1 Groundwork Monitor | 2024-09-17 | N/A |
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing. | ||||
CVE-2018-10133 | 1 Pbootcms | 1 Pbootcms | 2024-09-17 | N/A |
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php. | ||||
CVE-2010-2217 | 3 Adobe, Linux, Microsoft | 4 Flash Media Server, Flash Media Server 2, Linux Kernel and 1 more | 2024-09-17 | N/A |
Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability." |