Total: 3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7086 | 1 Webbynode | 1 Webbynode | 2017-08-29 | 7.5 HIGH | N/A |
| The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message. | |||||
| CVE-2013-7034 | 1 Livezilla | 1 Livezilla | 2017-08-29 | 7.5 HIGH | N/A |
| The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. | |||||
| CVE-2013-6309 | 1 Ibm | 1 Marketing Platform | 2017-08-29 | 6.0 MEDIUM | N/A |
| IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. | |||||
| CVE-2013-5369 | 1 Ibm | 1 Spss Analytical Decision Management | 2017-08-29 | 9.3 HIGH | N/A |
| IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service. | |||||
| CVE-2013-5352 | 1 Sharetronix | 1 Sharetronix | 2017-08-29 | 6.8 MEDIUM | N/A |
| Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the preg_replace function with the e modifier. | |||||
| CVE-2013-5036 | 1 Squash | 1 Square Squash | 2017-08-29 | 7.5 HIGH | N/A |
| Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb. | |||||
| CVE-2013-4212 | 1 Apache | 1 Roller | 2017-08-29 | 6.8 MEDIUM | N/A |
| Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection." | |||||
| CVE-2013-3998 | 1 Ibm | 1 Infosphere Biginsights | 2017-08-29 | 3.5 LOW | N/A |
| CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2013-2950 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 3.5 LOW | N/A |
| CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2013-1397 | 1 Sensiolabs | 1 Symfony | 2017-08-29 | 7.5 HIGH | N/A |
| Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allows remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. | |||||
| CVE-2013-1348 | 1 Sensiolabs | 1 Symfony | 2017-08-29 | 7.5 HIGH | N/A |
| The Yaml::parse function in Symfony 2.0.x before 2.0.22 allows remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. | |||||
| CVE-2013-0724 | 1 Wpshopstyling | 1 Wp-ecommerce-shop-styling | 2017-08-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter. | |||||
| CVE-2012-6143 | 1 Ingy | 1 Spoon | 2017-08-29 | 7.5 HIGH | N/A |
| Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | |||||
| CVE-2012-6142 | 1 Jochen Wiedmann | 1 Html\ | 2017-08-29 | 7.5 HIGH | N/A |
| Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | |||||
| CVE-2012-6141 | 1 Stephen Adkins | 1 App\ | 2017-08-29 | 7.5 HIGH | N/A |
| The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized. | |||||
| CVE-2012-6046 | 1 Phpenter | 1 Php Enter | 2017-08-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter. | |||||
| CVE-2012-5777 | 1 Phome | 1 Empirecms | 2017-08-29 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template. | |||||
| CVE-2012-5580 | 1 Libproxy Project | 1 Libproxy | 2017-08-29 | 7.5 HIGH | N/A |
| Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file. | |||||
| CVE-2012-5293 | 1 Redgraphic | 1 Sapid Cms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php. | |||||
| CVE-2012-5231 | 1 Jessgramp | 1 Minicms | 2017-08-29 | 7.5 HIGH | N/A |
| miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/. | |||||
