Total
3704 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2802 | 1 Sixnet | 2 Rtu Firmware, Udr | 2024-09-16 | N/A |
| The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. | ||||
| CVE-2010-3085 | 1 David Shadoff | 1 Mednafen | 2024-09-16 | N/A |
| The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues. | ||||
| CVE-2009-3817 | 2 Joomla, Ordasoft | 2 Joomla\!, Com Booklibrary | 2024-09-16 | N/A |
| PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-4939 | 1 Scripts.bdr130 | 1 Mailform | 2024-09-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. | ||||
| CVE-2010-1279 | 1 Adobe | 1 Photoshop Cs4 | 2024-09-16 | N/A |
| Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | ||||
| CVE-2011-4257 | 1 Realnetworks | 1 Realplayer | 2024-09-16 | N/A |
| The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | ||||
| CVE-2013-5647 | 2 Adam Zaninovich, Ruby-lang | 2 Sounder, Ruby | 2024-09-16 | N/A |
| lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | ||||
| CVE-2009-3518 | 1 Ibm | 1 Installation Manager | 2024-09-16 | N/A |
| Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname. | ||||
| CVE-2012-0928 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-09-16 | N/A |
| The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. | ||||
| CVE-2010-2314 | 2 Edmondhui.homeip, Nucleus Group | 2 Np Twitter, Nucleus Cms | 2024-09-16 | N/A |
| PHP remote file inclusion vulnerability in nucleus/plugins/NP_Twitter.php in the NP_Twitter Plugin 0.8 and 0.9 for Nucleus, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PLUGINS parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-2991 | 1 Citrix | 1 Online Plug-in For Windows For Xenapp \& Xendesktop | 2024-09-16 | N/A |
| The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. | ||||
| CVE-2010-5091 | 1 Silverstripe | 1 Silverstripe | 2024-09-16 | N/A |
| The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file. | ||||
| CVE-2012-5973 | 1 Ca | 1 Xcom Data Transport | 2024-09-16 | N/A |
| CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-24439 | 4 Debian, Fedoraproject, Gitpython Project and 1 more | 5 Debian Linux, Fedora, Gitpython and 2 more | 2024-09-16 | 8.1 High |
| All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | ||||
| CVE-2014-9521 | 1 Infinitewp | 1 Infinitewp | 2024-09-16 | N/A |
| Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename. | ||||
| CVE-2005-2837 | 1 Plainblack | 1 Webgui | 2024-09-16 | N/A |
| Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm. | ||||
| CVE-2017-1000196 | 1 Octobercms | 1 October | 2024-09-16 | N/A |
| October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2020-28502 | 1 Xmlhttprequest Project | 1 Xmlhttprequest | 2024-09-16 | 8.1 High |
| This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run. | ||||
| CVE-2013-6366 | 1 Vmware | 1 Hyperic Hq | 2024-09-16 | N/A |
| The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. | ||||
| CVE-2011-2386 | 1 Visiwave | 1 Site Survey | 2024-09-16 | N/A |
| VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference. | ||||