Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-94
Total 2906 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0678 1 Katalog.hurricane 1 Katalog Stron Hurricane 2010-02-22 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.
CVE-2009-4646 1 Accellion 1 Secure File Transfer Appliance 2010-02-21 9.0 HIGH N/A
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
CVE-2009-4319 1 Eocms 1 Eocms 2009-12-14 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form.php in eoCMS 0.9.03 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BBCODE_path parameter.
CVE-2009-4264 2 Aroundme, Barnraiser 2 Aroundme, Aroundme 2009-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
CVE-2009-4127 2 Mozilla, Wikipedia 2 Firefox, Wikipedia Toolbar 2009-12-02 9.3 HIGH N/A
Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4156 1 Ciamos 1 Ciamos Cms 2009-12-02 7.5 HIGH N/A
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
CVE-2009-3817 2 Joomla, Ordasoft 2 Joomla\!, Com Booklibrary 2009-10-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3822 2 Fijiwebdesign, Joomla 2 Com Ajaxchat, Joomla\! 2009-10-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
CVE-2009-3814 1 Runcms 1 Runcms 2009-10-27 6.5 MEDIUM N/A
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters.
CVE-2009-1083 1 Sun 1 Java System Identity Manager 2009-10-05 9.0 HIGH N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."
CVE-2009-3518 1 Ibm 1 Installation Manager 2009-10-01 9.3 HIGH N/A
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
CVE-2009-3478 2 Mozilla, Nightlight 2 Firefox, Fireftp 2009-09-30 6.0 MEDIUM N/A
Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.
CVE-2009-3362 1 Sznews 1 Sznews 2009-09-24 7.5 HIGH N/A
PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
CVE-2009-1862 1 Adobe 3 Acrobat, Acrobat Reader, Flash Player 2009-09-15 9.3 HIGH N/A
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
CVE-2007-6731 1 Claudio Matsuoka 1 Extended Module Player 2009-09-13 10.0 HIGH N/A
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
CVE-2009-2665 1 Mozilla 1 Firefox 2009-09-03 10.0 HIGH N/A
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.
CVE-2008-1217 1 Ibm 1 Lotus Notes 2009-09-02 9.3 HIGH N/A
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706.
CVE-2009-2118 1 Irfanview 1 Irfanview 2009-06-23 6.8 MEDIUM N/A
Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.
CVE-2009-2169 1 Edraw 1 Pdf Viewer Component 2009-06-22 9.3 HIGH N/A
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2009-1704 1 Apple 1 Safari 2009-06-18 9.3 HIGH N/A
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.