Total
4196 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5701 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. | ||||
| CVE-2015-2704 | 2 Realmd Project, Redhat | 2 Realmd, Enterprise Linux | 2025-04-12 | N/A |
| realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. | ||||
| CVE-2013-6501 | 2 Php, Suse | 2 Php, Linux Enterprise Server | 2025-04-12 | N/A |
| The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | ||||
| CVE-2015-1169 | 1 Apereo | 1 Central Authentication Service | 2025-04-12 | N/A |
| Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. | ||||
| CVE-2014-7287 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2025-04-12 | N/A |
| The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header. | ||||
| CVE-2015-5841 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | ||||
| CVE-2015-7466 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | N/A |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | ||||
| CVE-2016-5685 | 1 Dell | 4 Idrac7, Idrac7 Firmware, Idrac8 and 1 more | 2025-04-12 | N/A |
| Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | ||||
| CVE-2014-8910 | 1 Ibm | 1 Db2 | 2025-04-12 | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | ||||
| CVE-2014-8423 | 1 Arris | 1 Vap2500 Firmware | 2025-04-12 | N/A |
| Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| CVE-2015-0169 | 1 Ibm | 1 Security Siteprotector System | 2025-04-12 | N/A |
| IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. | ||||
| CVE-2013-6435 | 3 Debian, Redhat, Rpm | 5 Debian Linux, Enterprise Linux, Rhel Eus and 2 more | 2025-04-12 | N/A |
| Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | ||||
| CVE-2015-1592 | 2 Debian, Sixapart | 2 Debian Linux, Movable Type | 2025-04-12 | N/A |
| Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-0931 | 1 Ektron | 1 Ektron Content Management System | 2025-04-12 | N/A |
| Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue. | ||||
| CVE-2016-2204 | 1 Symantec | 1 Messaging Gateway | 2025-04-12 | N/A |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | ||||
| CVE-2015-8800 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2025-04-12 | 7.3 High |
| Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | ||||
| CVE-2016-9832 | 1 Pwc | 1 Ace-advanced Business Application Programming | 2025-04-12 | N/A |
| PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report. | ||||
| CVE-2015-3013 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | N/A |
| ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file. | ||||
| CVE-2016-7125 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | ||||
| CVE-2015-1762 | 1 Microsoft | 1 Sql Server | 2025-04-12 | N/A |
| Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." | ||||