Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5242 | 1 Redhat | 1 Gluster Storage | 2025-04-12 | 6.0 MEDIUM | N/A |
| OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). | |||||
| CVE-2016-9862 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | |||||
| CVE-2014-3915 | 1 Rocketsoftware | 1 Rocket Servergraph | 2025-04-12 | 10.0 HIGH | N/A |
| The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. | |||||
| CVE-2014-0602 | 1 Microfocus | 1 Security Manager | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460. | |||||
| CVE-2014-7260 | 1 Ultrapop | 1 I-httpd | 2025-04-12 | 7.5 HIGH | N/A |
| The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives. | |||||
| CVE-2014-8997 | 1 Digitalvidhya | 1 Digi Online Examination System | 2025-04-12 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | |||||
| CVE-2015-2171 | 1 Slimframework | 1 Slim | 2025-04-12 | 7.5 HIGH | N/A |
| Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. | |||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2025-04-12 | 8.5 HIGH | N/A |
| Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | |||||
| CVE-2014-2720 | 1 Izarc | 1 Izarc | 2025-04-12 | 6.8 MEDIUM | N/A |
| IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header. | |||||
| CVE-2014-2996 | 1 Xcloner | 1 Xcloner | 2025-04-12 | 7.1 HIGH | N/A |
| XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code. NOTE: this can be leveraged by remote attackers using CVE-2014-2579. | |||||
| CVE-2014-1556 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-12 | 9.3 HIGH | N/A |
| Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. | |||||
| CVE-2015-1597 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. | |||||
| CVE-2013-6943 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames. | |||||
| CVE-2014-3429 | 3 Ipython, Mageia, Opensuse | 3 Ipython Notebook, Mageia, Opensuse | 2025-04-12 | 6.8 MEDIUM | N/A |
| IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. | |||||
| CVE-2013-5036 | 1 Squash | 1 Square Squash | 2025-04-12 | 7.5 HIGH | N/A |
| The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb. | |||||
| CVE-2014-3805 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | 10.0 HIGH | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804. | |||||
| CVE-2014-1999 | 1 Fuelphp | 1 Fuelphp | 2025-04-12 | 7.5 HIGH | N/A |
| The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. | |||||
| CVE-2014-8081 | 1 Testlink | 1 Testlink | 2025-04-12 | 7.5 HIGH | N/A |
| lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | |||||
| CVE-2014-5194 | 1 Sphider | 1 Sphider | 2025-04-12 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | |||||
| CVE-2013-0724 | 1 Wpshopstyling | 1 Wp-ecommerce-shop-styling | 2025-04-12 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter. | |||||