Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8998 | 1 X7chat | 1 X7 Chat | 2017-09-08 | 6.5 MEDIUM | N/A |
| lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | |||||
| CVE-2014-8997 | 1 Digitalvidhya | 1 Digi Online Examination System | 2017-09-08 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | |||||
| CVE-2014-8636 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-08 | 7.5 HIGH | N/A |
| The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. | |||||
| CVE-2014-8350 | 1 Smarty | 1 Smarty | 2017-09-08 | 7.5 HIGH | N/A |
| Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | |||||
| CVE-2014-7192 | 1 Joyent | 1 Node.js | 2017-09-08 | 10.0 HIGH | N/A |
| Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2014-6389 | 1 Phpcompta | 1 Phpcompta\/noalyss | 2017-09-08 | 7.5 HIGH | N/A |
| backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. | |||||
| CVE-2014-6119 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2017-09-08 | 9.3 HIGH | N/A |
| IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive. | |||||
| CVE-2014-5261 | 1 Cacti | 1 Cacti | 2017-09-08 | 7.5 HIGH | N/A |
| The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. | |||||
| CVE-2015-0935 | 1 Bomgar | 1 Remote Support | 2017-09-07 | 7.5 HIGH | N/A |
| Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts. | |||||
| CVE-2014-8677 | 1 Soplanning | 1 Soplanning | 2017-09-06 | 3.5 LOW | 5.3 MEDIUM |
| The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. | |||||
| CVE-2017-14146 | 1 Helpdezk | 1 Helpdezk | 2017-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | |||||
| CVE-2017-3897 | 1 Mcafee | 2 Livesafe, Security Scan Plus | 2017-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | |||||
| CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.0 MEDIUM | 8.0 HIGH |
| Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | |||||
| CVE-2016-6175 | 1 Php-gettext Project | 1 Php-gettext | 2017-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. | |||||
| CVE-2015-1497 | 1 Persistent Systems | 1 Radia Client Automation | 2017-09-03 | 10.0 HIGH | N/A |
| radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | |||||
| CVE-2017-10835 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | |||||
| CVE-2017-3753 | 1 Lenovo | 219 63, 63 Firmware, H50-30g and 216 more | 2017-08-29 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V. | |||||
| CVE-2014-4767 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-0661 | 1 Cisco | 14 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300-65 and 11 more | 2017-08-29 | 8.3 HIGH | N/A |
| The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796. | |||||
| CVE-2014-0479 | 2 Canonical, Debian | 2 Reportbug, Reportbug | 2017-08-29 | 6.8 MEDIUM | N/A |
| reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | |||||