Search
Total
2894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4252 | 1 Realnetworks | 1 Realplayer | 2012-03-08 | 9.3 HIGH | N/A |
| The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. | |||||
| CVE-2011-4254 | 1 Realnetworks | 1 Realplayer | 2012-03-08 | 10.0 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. | |||||
| CVE-2011-4257 | 1 Realnetworks | 1 Realplayer | 2012-03-08 | 9.3 HIGH | N/A |
| The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | |||||
| CVE-2011-4258 | 1 Realnetworks | 1 Realplayer | 2012-03-08 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. | |||||
| CVE-2011-4260 | 1 Realnetworks | 1 Realplayer | 2012-03-08 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. | |||||
| CVE-2011-4614 | 1 Typo3 | 1 Typo3 | 2012-02-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter. | |||||
| CVE-2012-0926 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-25 | 9.3 HIGH | N/A |
| The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. | |||||
| CVE-2012-0927 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-25 | 9.3 HIGH | N/A |
| Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. | |||||
| CVE-2012-0924 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-25 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream. | |||||
| CVE-2012-0923 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-25 | 9.3 HIGH | N/A |
| The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream. | |||||
| CVE-2012-1205 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2012-02-24 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2010-4884 | 1 Hinnendahl | 1 Gaestebuch | 2012-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2010-4998 | 1 Maulana Al Matien | 1 Ardeacore Php Framework | 2012-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0928 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-09 | 9.3 HIGH | N/A |
| The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. | |||||
| CVE-2011-5061 | 1 Whmcs | 1 Whmcompletesolution | 2012-02-08 | 7.5 HIGH | N/A |
| functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field. | |||||
| CVE-2011-4512 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2011-4337 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 7.5 HIGH | N/A |
| Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable. | |||||
| CVE-2012-0329 | 1 Cisco | 1 Digital Media Manager | 2012-01-31 | 9.0 HIGH | N/A |
| Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. | |||||
| CVE-2011-3228 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | |||||
| CVE-2011-3221 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2011-2404 | 1 Hp | 1 Easy Printer Care Software | 2012-01-14 | 7.5 HIGH | N/A |
| A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787. | |||||
| CVE-2011-0224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. | |||||
| CVE-2011-4453 | 1 Pmwiki | 1 Pmwiki | 2012-01-12 | 7.5 HIGH | N/A |
| The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function. | |||||
| CVE-2011-2585 | 1 Cisco | 1 Show And Share | 2012-01-12 | 6.5 MEDIUM | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. | |||||
| CVE-2011-5021 | 1 Phpids | 1 Phpids | 2011-12-29 | 7.5 HIGH | N/A |
| PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors. | |||||
| CVE-2011-4825 | 3 Phpletter, Phpmyfaq, Tinymce | 3 Ajax File And Image Manager, Phpmyfaq, Tinymce | 2011-12-15 | 7.5 HIGH | N/A |
| Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. | |||||
| CVE-2011-4828 | 1 Autosectools | 1 V-cms | 2011-12-15 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/. | |||||
| CVE-2011-4201 | 1 Restorepoint | 1 Restorepoint | 2011-12-13 | 9.3 HIGH | N/A |
| remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action. | |||||
| CVE-2011-4545 | 1 Prestashop | 1 Prestashop | 2011-12-13 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter. | |||||
| CVE-2011-4646 | 2 Lesterchan, Wordpress | 2 Wp-postratings, Wordpress | 2011-12-01 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5040 | 2 John Bradshaw, Nucleuscms | 2 Np Gallery Plugin, Nucleus | 2011-11-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4047 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2011-11-14 | 9.3 HIGH | N/A |
| The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. | |||||
| CVE-2006-4533 | 1 Plume-cms | 1 Plume Cms | 2011-11-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725. | |||||
| CVE-2009-4635 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-26 | 9.3 HIGH | N/A |
| FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow. | |||||
| CVE-2009-4636 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-26 | 4.3 MEDIUM | N/A |
| FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. | |||||
| CVE-2009-5097 | 1 Hp | 1 Palm Pre Webos | 2011-09-14 | 7.1 HIGH | N/A |
| Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | |||||
| CVE-2006-6689 | 1 Paristemi | 1 Paristemi | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0659 | 1 Runcms | 1 Runcms | 2011-09-08 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. | |||||
| CVE-2006-5481 | 1 Castor | 1 Castor | 2011-09-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2011-1760 | 1 Maynard Johnson | 1 Oprofile | 2011-09-07 | 7.2 HIGH | N/A |
| utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument. | |||||
| CVE-2011-1646 | 1 Cisco | 4 Rvs4000, Rvs4000 Software, Wrvs4400n and 1 more | 2011-09-07 | 9.0 HIGH | N/A |
| The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871. | |||||
| CVE-2006-0094 | 1 Oaboard | 1 Oaboard | 2011-08-23 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4942 | 1 Focus-sis | 1 Focus Sis | 2011-08-22 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. NOTE: the provenance of this information is unknown. | |||||
| CVE-2005-3835 | 1 Desklance | 1 Desklance | 2011-08-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter. | |||||
| CVE-2009-3737 | 2 Microsoft, Oracle | 2 Internet Explorer, Siebel Option Pack Ie Activex Control | 2011-07-26 | 9.3 HIGH | N/A |
| The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2010-2789 | 1 Mediawiki | 1 Mediawiki | 2011-07-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2002-2019 | 1 Oscommerce | 1 Oscommerce | 2011-06-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter. | |||||
| CVE-2006-5258 | 1 Asbru Software | 2 Asbru Web Content Management, Asbru Website Manager | 2011-06-13 | 5.1 MEDIUM | N/A |
| The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked. | |||||
| CVE-2008-2233 | 1 Openwsman | 1 Openwsman | 2011-03-08 | 7.5 HIGH | N/A |
| The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. | |||||
| CVE-2008-0858 | 2 Kerio, Visnetic | 2 Kerio Mailserver, Visnetic Antivirus Plug-in For Mail Server | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||