Total
5969 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5242 | 1 Redhat | 2 Gluster Storage, Storage | 2025-04-12 | N/A |
| OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). | ||||
| CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2025-04-12 | N/A |
| The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | ||||
| CVE-2014-0111 | 1 Apache | 1 Syncope | 2025-04-12 | N/A |
| Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings." | ||||
| CVE-2014-8997 | 1 Digitalvidhya | 1 Digi Online Examination System | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | ||||
| CVE-2014-8081 | 1 Testlink | 1 Testlink | 2025-04-12 | N/A |
| lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | ||||
| CVE-2015-1698 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699. | ||||
| CVE-2015-1501 | 1 Solarwinds | 1 Server And Application Monitor | 2025-04-12 | N/A |
| The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary. | ||||
| CVE-2014-4663 | 1 Binarymoon | 2 Timthumb, Wordthumb | 2025-04-12 | N/A |
| TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. | ||||
| CVE-2015-1497 | 1 Persistent Systems | 1 Radia Client Automation | 2025-04-12 | N/A |
| radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | ||||
| CVE-2015-1311 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | N/A |
| The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2015-0845 | 1 Sixapart | 1 Movabletype | 2025-04-12 | N/A |
| Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. | ||||
| CVE-2012-5580 | 1 Libproxy Project | 1 Libproxy | 2025-04-12 | N/A |
| Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file. | ||||
| CVE-2015-1645 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Server 2008 and 1 more | 2025-04-12 | N/A |
| Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability." | ||||
| CVE-2014-9567 | 1 Projectsend | 1 Projectsend | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory. | ||||
| CVE-2014-9280 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. | ||||
| CVE-2014-9185 | 1 Morfy Cms Project | 1 Morfy Cms | 2025-04-12 | N/A |
| Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter. | ||||
| CVE-2014-9001 | 1 Incrediblepbx | 1 Incredible Pbx 11 | 2025-04-12 | N/A |
| reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. | ||||
| CVE-2014-8998 | 1 X7chat | 1 X7 Chat | 2025-04-12 | N/A |
| lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | ||||
| CVE-2014-8877 | 1 Creative Minds | 1 Cm Download Manager | 2025-04-12 | N/A |
| The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | ||||
| CVE-2013-4537 | 1 Qemu | 1 Qemu | 2025-04-12 | N/A |
| The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | ||||