Total
4978 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2378 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2025-04-12 | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update. | ||||
| CVE-2014-6287 | 1 Rejetto | 1 Http File Server | 2025-04-12 | 9.8 Critical |
| The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. | ||||
| CVE-2016-7787 | 2 Kde, Opensuse | 3 Kde-cli-tools, Leap, Opensuse | 2025-04-12 | N/A |
| A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | ||||
| CVE-2014-8778 | 1 Checkmarx | 1 Cxsast | 2025-04-12 | N/A |
| Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission. | ||||
| CVE-2014-2777 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778. | ||||
| CVE-2014-5340 | 2 Check Mk Project, Redhat | 2 Check Mk, Storage | 2025-04-12 | N/A |
| The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL. | ||||
| CVE-2014-8791 | 1 Enalean | 1 Tuleap | 2025-04-12 | N/A |
| project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. | ||||
| CVE-2014-5324 | 1 Najeebmedia | 1 N-media File Uploader | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file. | ||||
| CVE-2014-3911 | 1 Samsung | 1 Ipolis Device Manager | 2025-04-12 | N/A |
| Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | ||||
| CVE-2016-3154 | 1 Spip | 1 Spip | 2025-04-12 | N/A |
| The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | ||||
| CVE-2014-5297 | 1 X2engine | 1 X2engine | 2025-04-12 | N/A |
| The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter. | ||||
| CVE-2016-2098 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Rhel Software Collections, Rails and 1 more | 2025-04-12 | N/A |
| Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | ||||
| CVE-2016-1986 | 1 Hp | 1 Continuous Delivery Automation | 2025-04-12 | N/A |
| HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2015-6555 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | ||||
| CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2025-04-12 | N/A |
| HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-1000003 | 1 Mirror Manager Project | 1 Mirror Manager | 2025-04-12 | N/A |
| Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | ||||
| CVE-2016-7967 | 1 Kde | 1 Kmail | 2025-04-12 | N/A |
| KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. | ||||
| CVE-2014-1691 | 1 Horde | 1 Horde Application Framework | 2025-04-12 | N/A |
| The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. | ||||
| CVE-2014-5261 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. | ||||
| CVE-2015-8761 | 1 Values Project | 1 Values | 2025-04-12 | N/A |
| The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | ||||