Total
4525 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9822 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | |||||
CVE-2016-7102 | 1 Owncloud | 1 Owncloud Desktop Client | 2025-04-20 | 4.6 MEDIUM | 8.4 HIGH |
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | |||||
CVE-2015-9227 | 1 Alegrocart | 1 Alegrocart | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | |||||
CVE-2015-8351 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2025-04-20 | 6.8 MEDIUM | 9.0 CRITICAL |
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. | |||||
CVE-2014-3582 | 1 Apache | 1 Ambari | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||||
CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | |||||
CVE-2011-0469 | 1 Suse | 1 Opensuse | 2025-04-20 | 9.0 HIGH | 9.8 CRITICAL |
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | |||||
CVE-2017-14764 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | |||||
CVE-2017-7570 | 1 Pivotx | 1 Pivotx | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | |||||
CVE-2016-5726 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | |||||
CVE-2017-11585 | 1 Finecms | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | |||||
CVE-2017-14146 | 1 Helpdezk | 1 Helpdezk | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | |||||
CVE-2016-10157 | 1 Akamai | 1 Netsession | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. | |||||
CVE-2017-15806 | 1 Zetacomponents | 1 Mail | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | |||||
CVE-2017-1336 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | 3.6 LOW | 4.4 MEDIUM |
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | |||||
CVE-2014-9463 | 2 Vbseo, Vbulletin | 2 Vbseo, Vbulletin | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |||||
CVE-2015-0855 | 1 Pitivi | 1 Pitivi | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | |||||
CVE-2017-11459 | 1 Sap | 1 Trex | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | |||||
CVE-2017-11760 | 1 Projeqtor | 1 Projeqtor | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | |||||
CVE-2017-1469 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. |