Total
5367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2101 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability." | |||||
| CVE-2011-0092 | 1 Microsoft | 1 Visio | 2025-04-11 | 9.3 HIGH | N/A |
| The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability." | |||||
| CVE-2013-2582 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters. | |||||
| CVE-2010-0823 | 1 Microsoft | 5 Excel, Office, Office Compatibility Pack and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249. | |||||
| CVE-2010-0811 | 1 Microsoft | 5 Windows 2003 Server, Windows 7, Windows Server 2008 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." | |||||
| CVE-2013-3651 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 7.5 HIGH | N/A |
| LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php. | |||||
| CVE-2012-6535 | 1 Djvulibre Project | 1 Djvulibre | 2025-04-11 | 9.3 HIGH | N/A |
| DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file. | |||||
| CVE-2010-3955 | 1 Microsoft | 1 Publisher | 2025-04-11 | 9.3 HIGH | N/A |
| pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability." | |||||
| CVE-2010-1245 | 1 Microsoft | 3 Excel, Office, Open Xml File Format Converter | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821. | |||||
| CVE-2013-1875 | 1 Rubygems | 1 Command Wrap | 2025-04-11 | 7.5 HIGH | N/A |
| command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename. | |||||
| CVE-2010-0046 | 1 Apple | 1 Safari | 2025-04-11 | 9.3 HIGH | N/A |
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. | |||||
| CVE-2012-0925 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream. | |||||
| CVE-2009-4623 | 1 Plohni | 1 Advanced Comment System | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598. | |||||
| CVE-2012-2224 | 1 Xunlei | 1 Thunder | 2025-04-11 | 7.5 HIGH | N/A |
| Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability." | |||||
| CVE-2010-1880 | 1 Microsoft | 6 Directx, Windows 2000, Windows 2003 Server and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability." | |||||
| CVE-2010-2208 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-2132 | 1 Danny Ho | 1 Oes | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. | |||||
| CVE-2012-2924 | 1 Hypermethod | 1 Elearning Server | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2012-0170 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability." | |||||
| CVE-2011-3412 | 1 Microsoft | 1 Publisher | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability." | |||||