Total
5664 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1279 | 1 Adobe | 1 Photoshop Cs4 | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. | |||||
| CVE-2012-0209 | 1 Horde | 2 Groupware, Horde | 2025-04-11 | 7.5 HIGH | N/A |
| Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2010-1978 | 1 Freephpblogsoftware | 1 Freephpblogsoftware | 2025-04-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-3174 | 1 Microsoft | 7 Windows 7, Windows 8, Windows Server 2003 and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
| DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability." | |||||
| CVE-2010-2145 | 1 Richrumble | 1 Clearsite | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta 4.50, and possibly other versions, allow remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter to (1) docs.php and (2) include/admin/device_admin.php. NOTE: the header.php vector is already covered by CVE-2009-3306. NOTE: this issue may be due to a variable extraction error. | |||||
| CVE-2012-1875 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability." | |||||
| CVE-2013-3239 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 4.6 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. | |||||
| CVE-2012-1879 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | 8.1 HIGH |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability." | |||||
| CVE-2013-1899 | 2 Canonical, Postgresql | 2 Ubuntu Linux, Postgresql | 2025-04-11 | 6.5 MEDIUM | N/A |
| Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). | |||||
| CVE-2010-1272 | 1 Komputer.boo | 1 Gnat-tgp | 2025-04-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2009-4623 | 1 Plohni | 1 Advanced Comment System | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598. | |||||
| CVE-2010-1900 | 1 Microsoft | 6 Office, Office Compatibility Pack, Office Word Viewer and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability." | |||||
| CVE-2010-1249 | 1 Microsoft | 3 Excel, Office, Open Xml File Format Converter | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247. | |||||
| CVE-2010-2771 | 1 Ibm | 1 Soliddb | 2025-04-11 | 10.0 HIGH | N/A |
| solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. | |||||
| CVE-2010-1299 | 1 Dynpg | 1 Dynpg | 2025-04-11 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6535 | 1 Djvulibre Project | 1 Djvulibre | 2025-04-11 | 9.3 HIGH | N/A |
| DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file. | |||||
| CVE-2010-1165 | 1 Atlassian | 1 Jira | 2025-04-11 | 9.0 HIGH | N/A |
| Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. | |||||
| CVE-2011-4639 | 1 Spamtitan | 1 Webtitan | 2025-04-11 | 6.5 MEDIUM | N/A |
| The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence. | |||||
| CVE-2012-4840 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors. | |||||
| CVE-2010-1114 | 1 Comscripts | 1 Web Server Creator Web Portal | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php. | |||||