Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1359 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. | |||||
| CVE-2010-0805 | 1 Microsoft | 3 Internet Explorer, Windows 2000, Windows Xp | 2021-07-23 | 9.3 HIGH | N/A |
| The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." | |||||
| CVE-2006-2385 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. | |||||
| CVE-2008-1086 | 1 Microsoft | 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more | 2021-07-23 | 9.3 HIGH | N/A |
| The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | |||||
| CVE-2008-1368 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection. | |||||
| CVE-2010-3326 | 1 Microsoft | 4 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 1 more | 2021-07-23 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2009-0552 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2020-5593 | 1 Zenphoto | 1 Zenphoto | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file. | |||||
| CVE-2020-6243 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. | |||||
| CVE-2020-7673 | 1 Node-extend Project | 1 Node-extend | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution. | |||||
| CVE-2019-17408 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | |||||
| CVE-2020-6248 | 1 Sap | 1 Adaptive Server Enterprise Backup Server | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. | |||||
| CVE-2020-7694 | 1 Encode | 1 Uvicorn | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). | |||||
| CVE-2020-7672 | 1 Mosc Project | 1 Mosc | 2021-07-21 | 7.5 HIGH | 8.6 HIGH |
| mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` argument is executed by the `eval` function, resulting in code execution. | |||||
| CVE-2020-7674 | 1 Access-policy Project | 1 Access-policy | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. | |||||
| CVE-2020-5558 | 1 Cutephp | 1 Cutenews | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2020-15070 | 1 Zulip | 1 Zulip Server | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. | |||||
| CVE-2020-15348 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | |||||
| CVE-2020-28870 | 1 Inoideas | 1 Inoerp | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | |||||
| CVE-2020-11804 | 1 Titanhq | 1 Spamtitan | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. | |||||