Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1939 | 2 Google, Lenovo | 2 Android, Shareit | 2016-05-26 | 7.5 HIGH | N/A |
| java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. | |||||
| CVE-2016-3154 | 1 Spip | 1 Spip | 2016-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | |||||
| CVE-2016-3153 | 2 Debian, Spip | 2 Debian Linux, Spip | 2016-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | |||||
| CVE-2015-1399 | 1 Magento | 1 Magento | 2016-04-01 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files. | |||||
| CVE-2014-6261 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 9.3 HIGH | N/A |
| Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657. | |||||
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2016-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | |||||
| CVE-2015-8761 | 1 Values Project | 1 Values | 2016-01-11 | 6.0 MEDIUM | 9.0 CRITICAL |
| The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | |||||
| CVE-2015-5242 | 1 Redhat | 1 Gluster Storage | 2015-11-27 | 6.0 MEDIUM | N/A |
| OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). | |||||
| CVE-2015-7729 | 1 Sap | 1 Hana | 2015-10-16 | 6.5 MEDIUM | N/A |
| Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. | |||||
| CVE-2015-5647 | 1 Cybozu | 1 Garoon | 2015-10-13 | 8.5 HIGH | N/A |
| The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | |||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2015-10-13 | 8.5 HIGH | N/A |
| Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | |||||
| CVE-2015-0845 | 1 Sixapart | 1 Movabletype | 2015-10-09 | 7.5 HIGH | N/A |
| Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. | |||||
| CVE-2015-5643 | 1 Icz | 1 Matchasns | 2015-10-07 | 6.8 MEDIUM | N/A |
| The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2015-5644 | 1 Icz | 1 Matchasns | 2015-10-07 | 6.8 MEDIUM | N/A |
| The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2015-5687 | 1 Anchorcms | 1 Anchor Cms | 2015-10-06 | 7.5 HIGH | N/A |
| system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | |||||
| CVE-2014-6446 | 1 Infusionsoft Gravity Forms Project | 1 Infusionsoft Gravity Forms | 2015-10-01 | 7.5 HIGH | N/A |
| The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php. | |||||
| CVE-2015-7381 | 1 Refbase | 1 Refbase | 2015-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | |||||
| CVE-2014-2331 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 8.5 HIGH | N/A |
| Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. | |||||
| CVE-2015-4338 | 1 Xcloner | 1 Xcloner | 2015-06-18 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php. | |||||
| CVE-2015-2945 | 1 H-fj | 1 Mt-phpincgi | 2015-05-27 | 7.5 HIGH | N/A |
| mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015. | |||||