Total
4640 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5543 | 1 Intelliants | 1 Subrion | 2025-04-20 | N/A |
| includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | ||||
| CVE-2017-3753 | 1 Lenovo | 219 63, 63 Firmware, H50-30g and 216 more | 2025-04-20 | N/A |
| A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V. | ||||
| CVE-2017-4964 | 1 Cloudfoundry | 1 Bosh Azure Cpi | 2025-04-20 | 8.8 High |
| Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | ||||
| CVE-2017-3897 | 1 Mcafee | 2 Livesafe, Security Scan Plus | 2025-04-20 | N/A |
| A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | ||||
| CVE-2017-2968 | 1 Adobe | 1 Campaign | 2025-04-20 | N/A |
| Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | ||||
| CVE-2017-2809 | 1 Ansible-vault Project | 1 Ansible-vault | 2025-04-20 | N/A |
| An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. | ||||
| CVE-2017-17649 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2025-04-20 | N/A |
| Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | ||||
| CVE-2017-16664 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2025-04-20 | N/A |
| Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. | ||||
| CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2025-04-20 | N/A |
| SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | ||||
| CVE-2017-16783 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 9.8 Critical |
| In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | ||||
| CVE-2017-16871 | 1 Updraftplus | 1 Updraftplus | 2025-04-20 | N/A |
| The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary | ||||
| CVE-2017-15806 | 1 Zetacomponents | 1 Mail | 2025-04-20 | N/A |
| The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | ||||
| CVE-2017-15376 | 1 Mobatek | 1 Mobaxterm | 2025-04-20 | 9.8 Critical |
| The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | ||||
| CVE-2017-14764 | 1 Genixcms | 1 Genixcms | 2025-04-20 | N/A |
| In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | ||||
| CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2025-04-20 | N/A |
| A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | ||||
| CVE-2017-1469 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | N/A |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | ||||
| CVE-2017-14077 | 1 Phpcaptcha | 1 Securimage | 2025-04-20 | N/A |
| HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | ||||
| CVE-2017-14146 | 1 Helpdezk | 1 Helpdezk | 2025-04-20 | N/A |
| HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | ||||
| CVE-2017-14198 | 1 Squiz | 1 Matrix | 2025-04-20 | N/A |
| An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. | ||||
| CVE-2017-11715 | 1 Metinfo Project | 1 Metinfo | 2025-04-20 | N/A |
| job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | ||||