Total
5662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4879 | 1 Digitaljunkies | 1 Dompdf | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter. | |||||
| CVE-2012-5159 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 7.5 HIGH | N/A |
| phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. | |||||
| CVE-2010-3228 | 1 Microsoft | 6 .net Framework, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." | |||||
| CVE-2010-2789 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2010-2235 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | 8.5 HIGH | N/A |
| template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954. | |||||
| CVE-2010-0492 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | 8.1 HIGH |
| Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | |||||
| CVE-2010-0103 | 1 Energizer | 1 Duo Usb | 2025-04-11 | 9.3 HIGH | N/A |
| UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. | |||||
| CVE-2011-3655 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-11 | 9.3 HIGH | N/A |
| Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. | |||||
| CVE-2010-2216 | 1 Adobe | 3 Adobe Air, Flash Player, Flash Player For Linux | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214. | |||||
| CVE-2009-4834 | 1 Xpressengine | 1 Zeroboard | 2025-04-11 | 6.8 MEDIUM | N/A |
| lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php. | |||||
| CVE-2010-2750 | 1 Microsoft | 2 Office, Word | 2025-04-11 | 9.3 HIGH | N/A |
| Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." | |||||
| CVE-2010-2358 | 1 Jeffkilroy | 1 Nakid Cms | 2025-04-11 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-4203 | 1 Richard Cook | 1 Rgpg | 2025-04-11 | 7.5 HIGH | N/A |
| The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2011-2605 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | |||||
| CVE-2010-4558 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-11 | 7.5 HIGH | N/A |
| phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2012-2596 | 1 Siemens | 1 Wincc | 2025-04-11 | 5.5 MEDIUM | N/A |
| The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. | |||||
| CVE-2013-6829 | 1 Pineapp | 1 Mail-secure | 2025-04-11 | 7.5 HIGH | N/A |
| admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. | |||||
| CVE-2010-2208 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-3232 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 9.3 HIGH | N/A |
| YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | |||||
| CVE-2011-4257 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | 9.3 HIGH | N/A |
| The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | |||||