Search Results (6950 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1001004 1 Typed Function Project 1 Typed Function 2025-04-20 N/A
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
CVE-2017-14146 1 Helpdezk 1 Helpdezk 2025-04-20 N/A
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.
CVE-2015-0855 1 Pitivi 1 Pitivi 2025-04-20 N/A
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.
CVE-2016-4895 1 Setucocms Project 1 Setucocms 2025-04-20 N/A
SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors.
CVE-2017-11715 1 Metinfo Project 1 Metinfo 2025-04-20 N/A
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.
CVE-2017-7911 1 Cybervision 1 Kaa Iot Platform 2025-04-20 N/A
A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.
CVE-2017-9442 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.
CVE-2016-7102 1 Owncloud 1 Owncloud Desktop Client 2025-04-20 N/A
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
CVE-2017-6325 1 Symantec 1 Messaging Gateway 2025-04-20 N/A
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.
CVE-2016-8020 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
CVE-2017-1469 1 Ibm 1 Infosphere Information Server 2025-04-20 N/A
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.
CVE-2015-9227 1 Alegrocart 1 Alegrocart 2025-04-20 N/A
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
CVE-2017-10844 1 Basercms 1 Basercms 2025-04-20 N/A
baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.
CVE-2017-11421 1 Gnome-exe-thumbnailer Project 1 Gnome-exe-thumbnailer 2025-04-20 N/A
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.
CVE-2014-3582 1 Apache 1 Ambari 2025-04-20 N/A
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.
CVE-2016-5713 1 Puppet 1 Puppet Agent 2025-04-20 N/A
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
CVE-2016-5727 1 Simplemachines 1 Simple Machines Forum 2025-04-20 N/A
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
CVE-2017-11459 1 Sap 1 Trex 2025-04-20 N/A
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
CVE-2016-5726 1 Simplemachines 1 Simple Machines Forum 2025-04-20 N/A
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
CVE-2015-2252 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2025-04-20 N/A
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.