Total
6214 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3630 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor. | ||||
| CVE-2013-2121 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2025-04-11 | N/A |
| Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | ||||
| CVE-2012-2971 | 1 Microsoft | 1 Windows | 2025-04-11 | N/A |
| The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. | ||||
| CVE-2011-0364 | 1 Cisco | 1 Security Agent | 2025-04-11 | N/A |
| The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request. | ||||
| CVE-2011-4932 | 1 Impresspages | 1 Impresspages Cms | 2025-04-11 | N/A |
| Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versons before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter. | ||||
| CVE-2009-4928 | 1 Sweetphp | 1 Totalcalendar | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055. | ||||
| CVE-2010-1176 | 1 Apple | 2 Iphone Os, Safari | 2025-04-11 | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075. | ||||
| CVE-2010-3172 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. | ||||
| CVE-2013-2615 | 1 Rubygems | 1 Fastreader | 2025-04-11 | N/A |
| lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
| CVE-2012-4781 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability." | ||||
| CVE-2010-3220 | 1 Microsoft | 2 Office, Word | 2025-04-11 | N/A |
| Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability." | ||||
| CVE-2012-0261 | 1 Op5 | 2 Monitor, System-portal | 2025-04-11 | N/A |
| license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. | ||||
| CVE-2010-3625 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2025-04-11 | N/A |
| Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." | ||||
| CVE-2010-2747 | 1 Microsoft | 2 Office, Word | 2025-04-11 | N/A |
| Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." | ||||
| CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 18 Ubuntu Linux, Fedora, Firefox and 15 more | 2025-04-11 | 9.8 Critical |
| The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||||
| CVE-2010-2748 | 1 Microsoft | 2 Office, Word | 2025-04-11 | N/A |
| Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." | ||||
| CVE-2009-4977 | 1 Tufat | 1 Mybackup | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter. | ||||
| CVE-2010-3206 | 1 Diy-cms | 1 Diy-cms | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php. | ||||
| CVE-2011-3285 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | N/A |
| CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101. | ||||
| CVE-2012-0922 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | N/A |
| rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. | ||||