Total
5629 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30878 | 1 Rageframe | 1 Rageframe | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | ||||
| CVE-2009-4693 | 1 Grafxsoftware | 1 Minicwb | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2.3.0 allow remote attackers to execute arbitrary PHP code via a URL in the LANG parameter to (1) en.inc.php, (2) hu.inc.php, (3) no.inc.php, (4) ro.inc.php, and (5) ru.inc.php in language/. | ||||
| CVE-2013-3079 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | N/A |
| VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. | ||||
| CVE-2013-2950 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | N/A |
| CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2012-1661 | 1 Esri | 1 Arcmap | 2025-04-11 | N/A |
| ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. | ||||
| CVE-2012-1878 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability." | ||||
| CVE-2013-2817 | 1 Mitsubishielectric | 1 Mc-worx Suite | 2025-04-11 | N/A |
| An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. | ||||
| CVE-2013-2802 | 1 Sixnet | 2 Rtu Firmware, Udr | 2025-04-11 | N/A |
| The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. | ||||
| CVE-2012-2556 | 1 Microsoft | 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more | 2025-04-11 | N/A |
| The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability." | ||||
| CVE-2013-2751 | 1 Netgear | 1 Raidiator | 2025-04-11 | N/A |
| Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | ||||
| CVE-2013-2549 | 2 Adobe, Redhat | 2 Acrobat Reader, Rhel Extras | 2025-04-11 | N/A |
| Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013. | ||||
| CVE-2011-4075 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2025-04-11 | N/A |
| The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011. | ||||
| CVE-2011-2478 | 1 Google | 1 Sketchup | 2025-04-11 | N/A |
| Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2009-3737 | 2 Microsoft, Oracle | 2 Internet Explorer, Siebel Option Pack Ie Activex Control | 2025-04-11 | N/A |
| The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. | ||||
| CVE-2013-0689 | 2 Emerson, Enea | 4 Dl 8000 Remote Terminal Unit, Roc 800 Remote Terminal Unit, Roc 800l Remote Terminal Unit and 1 more | 2025-04-11 | N/A |
| The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-2208 | 1 Andreas Krennmair | 1 Tpp | 2025-04-11 | N/A |
| tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file. | ||||
| CVE-2010-4294 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2025-04-11 | N/A |
| The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | ||||
| CVE-2013-1898 | 1 Digineo | 1 Thumbshooter | 2025-04-11 | N/A |
| lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
| CVE-2010-4943 | 1 Brothersoft | 1 Saurus Cms | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. | ||||
| CVE-2010-4924 | 1 Clearbudget | 1 Clearbudget | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party | ||||