Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-94
Total 2906 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-0308 1 Bajie 1 Java Http Server 2008-09-05 7.5 HIGH N/A
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.
CVE-2001-0307 1 Bajie 1 Java Http Server 2008-09-05 7.5 HIGH N/A
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
CVE-2006-6975 1 Centipaid 1 Centipaid 2008-09-04 5.1 MEDIUM N/A
** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement.
CVE-2002-1991 1 Oscommerce 1 Oscommerce 2008-09-04 7.5 HIGH N/A
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
CVE-2008-1511 1 Oocomments 1 Oocomments 2008-09-04 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6678 2008-01-20 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6167. Reason: This candidate is a duplicate of CVE-2007-6167. Notes: All CVE users should reference CVE-2007-6167 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.