Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1670 | 1 Microsoft | 1 Bing | 2018-01-02 | 6.8 MEDIUM | N/A |
| The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. | |||||
| CVE-2012-1594 | 1 Wireshark | 1 Wireshark | 2017-12-28 | 3.3 LOW | N/A |
| epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2014-3942 | 1 Typo3 | 1 Typo3 | 2017-12-28 | 6.0 MEDIUM | N/A |
| The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. | |||||
| CVE-2016-5713 | 1 Puppet | 1 Puppet Agent | 2017-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0. | |||||
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2017-12-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | |||||
| CVE-2017-1336 | 1 Ibm | 1 Infosphere Biginsights | 2017-12-22 | 3.6 LOW | 4.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | |||||
| CVE-2017-16682 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver Internet Transaction Server | 2017-12-22 | 6.5 MEDIUM | 7.2 HIGH |
| SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | |||||
| CVE-2012-2224 | 1 Xunlei | 1 Thunder | 2017-12-19 | 7.5 HIGH | N/A |
| Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability." | |||||
| CVE-2012-5973 | 1 Ca | 1 Xcom Data Transport | 2017-12-07 | 10.0 HIGH | N/A |
| CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2012-1328 | 1 Cisco | 2 Unified Ip Phone, Unified Ip Phone Firmware | 2017-12-06 | 4.6 MEDIUM | N/A |
| Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237. | |||||
| CVE-2011-3285 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2017-12-06 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101. | |||||
| CVE-2017-15806 | 1 Zetacomponents | 1 Mail | 2017-12-02 | 6.8 MEDIUM | 8.1 HIGH |
| The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | |||||
| CVE-2013-2616 | 1 Rubygems | 1 Mini Magick | 2017-11-29 | 7.5 HIGH | N/A |
| lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2014-4000 | 1 Cacti | 1 Cacti | 2017-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | |||||
| CVE-2014-0818 | 1 Autodesk | 1 Autocad | 2017-11-21 | 7.5 HIGH | N/A |
| Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path. | |||||
| CVE-2009-3890 | 1 Wordpress | 1 Wordpress | 2017-11-21 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename. | |||||
| CVE-2017-15935 | 1 Artica | 1 Pandora Fms | 2017-11-14 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | |||||
| CVE-2014-2027 | 1 Egroupware | 1 Egroupware | 2017-11-13 | 7.5 HIGH | N/A |
| eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php. | |||||
| CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2017-11-10 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | |||||
| CVE-2017-9771 | 1 Websitebaker | 1 Websitebaker | 2017-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. | |||||