Search
Total
2894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1965 | 1 Ibm | 2 Lotus Expeditor Client, Lotus Symphany | 2018-10-11 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname. | |||||
| CVE-2008-2016 | 1 Chilkat Software | 1 Chicomas | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | |||||
| CVE-2008-1860 | 1 Lokicms | 1 Lokicms | 2018-10-11 | 9.3 HIGH | N/A |
| Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter. | |||||
| CVE-2008-1926 | 1 Linux | 1 Util-linux | 2018-10-11 | 7.5 HIGH | N/A |
| Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." | |||||
| CVE-2008-1770 | 1 Akamai | 1 Download Manager | 2018-10-11 | 9.3 HIGH | N/A |
| CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. | |||||
| CVE-2008-1786 | 1 Computer Associates | 7 Arcserve Backup Laptops And Desktops, Desktop And Server Management, Desktop Management Suite and 4 more | 2018-10-11 | 9.3 HIGH | N/A |
| The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. | |||||
| CVE-2008-1609 | 1 Jaf Cms | 1 Jaf Cms | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127. | |||||
| CVE-2008-1233 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." | |||||
| CVE-2008-1060 | 1 Wordpress | 1 Sniplets Plugin | 2018-10-11 | 7.5 HIGH | N/A |
| Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter. | |||||
| CVE-2008-1059 | 1 Wordpress | 1 Sniplets Plugin | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. | |||||
| CVE-2008-1035 | 1 Apple | 1 Ical | 2018-10-11 | 4.3 MEDIUM | N/A |
| Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier. | |||||
| CVE-2008-1043 | 1 Linux Web Shop | 1 Php User Base | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | |||||
| CVE-2008-1093 | 1 Acresso | 2 Flexnet Connect, Intallshield Update Agent | 2018-10-11 | 9.3 HIGH | N/A |
| Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules. | |||||
| CVE-2008-1128 | 1 Phpmytourney | 1 Phpmytourney | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2008-1136 | 1 Synce | 1 Synce | 2018-10-11 | 9.3 HIGH | N/A |
| The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679. | |||||
| CVE-2008-1170 | 1 Kcwiki | 1 Kcwiki | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php. | |||||
| CVE-2008-1171 | 1 Phpbb | 1 123 Flash Chat Module | 2018-10-11 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs. | |||||
| CVE-2011-0364 | 1 Cisco | 1 Security Agent | 2018-10-10 | 10.0 HIGH | N/A |
| The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request. | |||||
| CVE-2010-4294 | 2 Microsoft, Vmware | 5 Windows, Movie Decoder, Player and 2 more | 2018-10-10 | 9.3 HIGH | N/A |
| The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. | |||||
| CVE-2010-4283 | 1 Artica | 1 Pandora Fms | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter. | |||||
| CVE-2010-5038 | 1 Groonesworld | 1 Simple Contact Form | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2010-4281 | 1 Artica | 1 Pandora Fms | 2018-10-10 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character. | |||||
| CVE-2010-3719 | 1 Symantec | 1 Im Manager | 2018-10-10 | 8.5 HIGH | N/A |
| Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method. | |||||
| CVE-2010-3758 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059. | |||||
| CVE-2010-3759 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2018-10-10 | 10.0 HIGH | N/A |
| FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058. | |||||
| CVE-2010-3429 | 2 Ffmpeg, Mplayerhq | 3 Ffmpeg, Libavcodec, Mplayer | 2018-10-10 | 6.8 MEDIUM | N/A |
| flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." | |||||
| CVE-2010-3189 | 1 Trendmicro | 1 Internet Security | 2018-10-10 | 9.3 HIGH | N/A |
| The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. | |||||
| CVE-2010-2996 | 2 Microsoft, Realnetworks | 2 Windows, Realplayer | 2018-10-10 | 9.3 HIGH | N/A |
| Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file. | |||||
| CVE-2010-2261 | 1 Linksys | 1 Wap54gv3 | 2018-10-10 | 10.0 HIGH | N/A |
| Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | |||||
| CVE-2010-2576 | 1 Opera | 1 Opera Browser | 2018-10-10 | 6.8 MEDIUM | N/A |
| Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. | |||||
| CVE-2010-2240 | 1 Linux | 1 Linux Kernel | 2018-10-10 | 7.2 HIGH | N/A |
| The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. | |||||
| CVE-2010-2145 | 1 Richrumble | 1 Clearsite | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error. | |||||
| CVE-2010-1922 | 1 29o3 Cms | 1 29o3 Cms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the LibDir parameter to (1) lib/page/pageDescriptionObject.php, and (2) layoutHeaderFuncs.php, (3) layoutManager.php, and (4) layoutParser.php in lib/layout/. | |||||
| CVE-2010-0988 | 1 Pulsecms | 1 Pulse Cms | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and execute arbitrary PHP code via vectors involving the (2) filename and (3) block parameters to view.php. | |||||
| CVE-2010-0155 | 1 Ibm | 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware | 2018-10-10 | 3.5 LOW | N/A |
| CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. | |||||
| CVE-2009-4747 | 1 Tecnick | 1 Aiocp | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220. | |||||
| CVE-2009-4509 | 1 Vsecurity | 1 Tandberg Video Communication Server | 2018-10-10 | 10.0 HIGH | N/A |
| The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header. | |||||
| CVE-2009-4210 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-10 | 9.3 HIGH | N/A |
| The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. | |||||
| CVE-2009-4115 | 1 Cutephp | 1 Cutenews | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter. | |||||
| CVE-2009-4148 | 1 Daz3d | 1 Daz Studio | 2018-10-10 | 9.3 HIGH | N/A |
| DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability." | |||||
| CVE-2009-4113 | 2 Cutephp, Korn19 | 2 Cutenews, Utf-8 Cutenews | 2018-10-10 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field. | |||||
| CVE-2009-3577 | 1 Autodesk | 1 3ds Max | 2018-10-10 | 9.3 HIGH | N/A |
| Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks." | |||||
| CVE-2009-3578 | 1 Autodesk | 2 Alias Wavefront Maya, Autodesk Maya | 2018-10-10 | 9.3 HIGH | N/A |
| Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes." | |||||
| CVE-2009-3850 | 1 Blender | 1 Blender | 2018-10-10 | 9.3 HIGH | N/A |
| Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA. | |||||
| CVE-2009-3576 | 1 Autodesk | 2 Autodesk Softimage, Autodesk Softimage Xsi | 2018-10-10 | 9.3 HIGH | N/A |
| Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control. | |||||
| CVE-2009-3114 | 1 Ibm | 1 Lotus Notes | 2018-10-10 | 7.5 HIGH | N/A |
| The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K. | |||||
| CVE-2009-3220 | 1 Tecnick | 1 Aiocp | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2009-3306 | 1 Richrumble | 1 Clearsite | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter. | |||||
| CVE-2009-2628 | 1 Vmware | 4 Ace, Movie Decoder, Player and 1 more | 2018-10-10 | 9.3 HIGH | N/A |
| The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption. | |||||
| CVE-2009-2348 | 1 Google | 1 Android | 2018-10-10 | 6.9 MEDIUM | N/A |
| Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | |||||