Total
5967 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2025-04-20 | N/A |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | ||||
| CVE-2017-13676 | 1 Norton | 1 Remove \& Reinstall | 2025-04-20 | N/A |
| Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. | ||||
| CVE-2017-10968 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | ||||
| CVE-2017-8912 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 7.2 High |
| CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug. | ||||
| CVE-2017-14764 | 1 Genixcms | 1 Genixcms | 2025-04-20 | N/A |
| In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | ||||
| CVE-2017-16664 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2025-04-20 | N/A |
| Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. | ||||
| CVE-2017-3897 | 1 Mcafee | 2 Livesafe, Security Scan Plus | 2025-04-20 | N/A |
| A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | ||||
| CVE-2015-3638 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-20 | N/A |
| phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | ||||
| CVE-2016-2242 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | N/A |
| Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | ||||
| CVE-2011-0469 | 1 Suse | 1 Opensuse | 2025-04-20 | N/A |
| Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | ||||
| CVE-2014-3582 | 1 Apache | 1 Ambari | 2025-04-20 | N/A |
| In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | ||||
| CVE-2015-0249 | 1 Apache | 1 Roller | 2025-04-20 | N/A |
| The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | ||||
| CVE-2017-9807 | 1 Openwebif Project | 1 Openwebif | 2025-04-20 | N/A |
| An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig. | ||||
| CVE-2017-9771 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | N/A |
| install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. | ||||
| CVE-2017-9774 | 1 Horde | 1 Horde Image Api | 2025-04-20 | N/A |
| Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | ||||
| CVE-2017-8402 | 1 Pivotx | 1 Pivotx | 2025-04-20 | N/A |
| PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | ||||
| CVE-2017-7911 | 1 Cybervision | 1 Kaa Iot Platform | 2025-04-20 | N/A |
| A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | ||||
| CVE-2017-7694 | 1 Getsymphony | 1 Symphony | 2025-04-20 | N/A |
| Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor. | ||||
| CVE-2017-7691 | 1 Sap | 1 Trex | 2025-04-20 | N/A |
| A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | ||||
| CVE-2017-7321 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 9.8 Critical |
| setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | ||||