Total
5662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0394 | 1 Apache | 1 Struts | 2025-04-11 | 6.8 MEDIUM | N/A |
| The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself. | |||||
| CVE-2013-3520 | 1 Vmware | 1 Vcenter Chargeback Manager | 2025-04-11 | 7.5 HIGH | N/A |
| VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-5061 | 1 Whmcs | 1 Whmcompletesolution | 2025-04-11 | 7.5 HIGH | N/A |
| functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field. | |||||
| CVE-2010-0178 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 7.6 HIGH | N/A |
| Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. | |||||
| CVE-2009-4636 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
| FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. | |||||
| CVE-2013-6427 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | 6.8 MEDIUM | N/A |
| upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. | |||||
| CVE-2010-3189 | 1 Trendmicro | 1 Internet Security | 2025-04-11 | 9.3 HIGH | N/A |
| The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. | |||||
| CVE-2012-0693 | 1 Whmcs | 1 Whmcompletesolution | 2025-04-11 | 5.0 MEDIUM | N/A |
| submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong. | |||||
| CVE-2010-0032 | 1 Microsoft | 1 Powerpoint | 2025-04-11 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability." | |||||
| CVE-2011-4337 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | 7.5 HIGH | N/A |
| Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable. | |||||
| CVE-2010-5164 | 2 Kingsoft, Microsoft | 2 Personal Firewall 9, Windows Xp | 2025-04-11 | 6.2 MEDIUM | 5.3 MEDIUM |
| Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2010-0195 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-4747 | 1 Tecnick | 1 Aiocp | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220. | |||||
| CVE-2010-1342 | 1 Directnews | 1 Direct News | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-4557 | 1 Spip | 1 Spip | 2025-04-11 | 7.5 HIGH | N/A |
| The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. | |||||
| CVE-2013-3146 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152. | |||||
| CVE-2010-1335 | 1 Miftahovn | 1 Insky Cms | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3326 | 1 Microsoft | 4 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2010-2747 | 1 Microsoft | 2 Office, Word | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." | |||||
| CVE-2011-1969 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability." | |||||