Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5072 | 1 Oxidforge | 1 Oxid Eshop | 2017-04-14 | 6.5 MEDIUM | 8.8 HIGH |
| OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9. | |||||
| CVE-2017-7570 | 1 Pivotx | 1 Pivotx | 2017-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | |||||
| CVE-2014-3927 | 1 Mrlg4php Project | 1 Mrlg4php | 2017-04-10 | 7.5 HIGH | 9.8 CRITICAL |
| mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||||
| CVE-2015-0855 | 1 Pitivi | 1 Pitivi | 2017-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | |||||
| CVE-2016-8354 | 1 Schneider-electric | 1 Unity Pro | 2017-03-15 | 5.1 MEDIUM | 7.0 HIGH |
| An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | |||||
| CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2017-03-14 | 10.0 HIGH | 10.0 CRITICAL |
| HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2015-8771 | 1 Gosa Project | 1 Gosa Plugin | 2017-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | |||||
| CVE-2017-2968 | 1 Adobe | 1 Campaign | 2017-03-01 | 7.5 HIGH | 9.1 CRITICAL |
| Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | |||||
| CVE-2016-5727 | 1 Simplemachines | 1 Simple Machines Forum | 2017-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | |||||
| CVE-2016-5726 | 1 Simplemachines | 1 Simple Machines Forum | 2017-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | |||||
| CVE-2016-10157 | 1 Akamai | 1 Netsession | 2017-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. | |||||
| CVE-2015-7905 | 1 Unitronics | 1 Visilogic Oplc Ide | 2017-01-12 | 7.5 HIGH | N/A |
| Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | |||||
| CVE-2016-9949 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2017-01-07 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | |||||
| CVE-2014-1557 | 3 Debian, Mozilla, Oracle | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2017-01-07 | 9.3 HIGH | N/A |
| The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | |||||
| CVE-2014-1556 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2017-01-07 | 9.3 HIGH | N/A |
| Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. | |||||
| CVE-2014-0472 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2017-01-07 | 5.1 MEDIUM | N/A |
| The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." | |||||
| CVE-2014-0558 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2017-01-03 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564. | |||||
| CVE-2016-7968 | 1 Kde | 1 Kmail | 2016-12-27 | 7.5 HIGH | 6.5 MEDIUM |
| KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | |||||
| CVE-2016-7967 | 1 Kde | 1 Kmail | 2016-12-27 | 5.8 MEDIUM | 8.1 HIGH |
| KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. | |||||
| CVE-2016-1000003 | 1 Mirror Manager Project | 1 Mirror Manager | 2016-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | |||||