Total: 373 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11715 | 1 Metinfo Project | 1 Metinfo | 2017-08-09 | 6.5 MEDIUM | 9.8 CRITICAL |
| job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | |||||
| CVE-2017-11585 | 1 Finecms | 1 Finecms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | |||||
| CVE-2017-10968 | 1 Finecms Project | 1 Finecms | 2017-07-17 | 7.5 HIGH | 9.8 CRITICAL |
| In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | |||||
| CVE-2017-11167 | 1 Finecms Project | 1 Finecms | 2017-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | |||||
| CVE-2016-5734 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. | |||||
| CVE-2014-3582 | 1 Apache | 1 Ambari | 2017-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||||
| CVE-2017-7691 | 1 Sap | 1 Trex | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | |||||
| CVE-2017-7625 | 1 Fiyo | 1 Fiyo Cms | 2017-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | |||||
| CVE-2014-3927 | 1 Mrlg4php Project | 1 Mrlg4php | 2017-04-10 | 7.5 HIGH | 9.8 CRITICAL |
| mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||||
| CVE-2015-0855 | 1 Pitivi | 1 Pitivi | 2017-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | |||||
| CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2017-03-14 | 10.0 HIGH | 10.0 CRITICAL |
| HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2015-8771 | 1 Gosa Project | 1 Gosa Plugin | 2017-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | |||||
| CVE-2017-2968 | 1 Adobe | 1 Campaign | 2017-03-01 | 7.5 HIGH | 9.1 CRITICAL |
| Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | |||||
| CVE-2016-5726 | 1 Simplemachines | 1 Simple Machines Forum | 2017-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | |||||
| CVE-2016-10157 | 1 Akamai | 1 Netsession | 2017-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. | |||||
| CVE-2016-1000003 | 1 Mirror Manager Project | 1 Mirror Manager | 2016-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | |||||
| CVE-2016-1986 | 1 Hp | 1 Continuous Delivery Automation | 2016-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2015-5721 | 1 Misp-project | 1 Malware Information Sharing Platform | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. | |||||
| CVE-2016-7109 | 1 Huawei | 1 Uma | 2016-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. | |||||
| CVE-2016-7110 | 1 Huawei | 1 Uma | 2016-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. | |||||
| CVE-2016-3154 | 1 Spip | 1 Spip | 2016-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | |||||
| CVE-2016-3153 | 2 Debian, Spip | 2 Debian Linux, Spip | 2016-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | |||||
| CVE-2015-8761 | 1 Values Project | 1 Values | 2016-01-12 | 6.0 MEDIUM | 9.0 CRITICAL |
| The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | |||||
