Total
4927 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2809 | 1 Ansible-vault Project | 1 Ansible-vault | 2025-04-20 | N/A |
| An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. | ||||
| CVE-2017-1440 | 1 Ibm | 1 Emptoris Services Procurement | 2025-04-20 | N/A |
| IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105. | ||||
| CVE-2017-14198 | 1 Squiz | 1 Matrix | 2025-04-20 | N/A |
| An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. | ||||
| CVE-2017-6325 | 1 Symantec | 1 Messaging Gateway | 2025-04-20 | N/A |
| The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. | ||||
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2025-04-20 | N/A |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | ||||
| CVE-2017-7494 | 3 Debian, Redhat, Samba | 9 Debian Linux, Enterprise Linux, Rhel Aus and 6 more | 2025-04-20 | 9.8 Critical |
| Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | ||||
| CVE-2017-11421 | 1 Gnome-exe-thumbnailer Project | 1 Gnome-exe-thumbnailer | 2025-04-20 | N/A |
| gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. | ||||
| CVE-2017-13676 | 1 Norton | 1 Remove \& Reinstall | 2025-04-20 | N/A |
| Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. | ||||
| CVE-2017-14077 | 1 Phpcaptcha | 1 Securimage | 2025-04-20 | N/A |
| HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | ||||
| CVE-2017-9841 | 2 Oracle, Phpunit Project | 2 Communications Diameter Signaling Router, Phpunit | 2025-04-20 | 9.8 Critical |
| Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | ||||
| CVE-2014-8872 | 1 Avm | 4 Fritz\!box 6810 Lte, Fritz\!box 6810 Lte Firmware, Fritz\!box 6840 Lte and 1 more | 2025-04-20 | N/A |
| Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | ||||
| CVE-2014-3927 | 1 Mrlg4php Project | 1 Mrlg4php | 2025-04-20 | N/A |
| mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | ||||
| CVE-2016-5072 | 1 Oxidforge | 1 Oxid Eshop | 2025-04-20 | N/A |
| OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9. | ||||
| CVE-2017-8759 | 1 Microsoft | 11 .net Framework, Windows 10 1507, Windows 10 1511 and 8 more | 2025-04-20 | 7.8 High |
| Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | ||||
| CVE-2014-4000 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | ||||
| CVE-2014-9463 | 2 Vbseo, Vbulletin | 2 Vbseo, Vbulletin | 2025-04-20 | N/A |
| functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | ||||
| CVE-2017-10835 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | N/A |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | ||||
| CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | N/A |
| Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | ||||
| CVE-2017-11167 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | ||||
| CVE-2017-15935 | 1 Artica | 1 Pandora Fms | 2025-04-20 | N/A |
| Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | ||||