Search Results (6924 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5369 1 Ibm 1 Spss Analytical Decision Management 2025-04-11 N/A
IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service.
CVE-2013-6009 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.
CVE-2013-6025 1 Sybase 1 Adaptive Server Enterprise 2025-04-11 N/A
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-6385 1 Drupal 1 Drupal 2025-04-11 N/A
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.
CVE-2013-6829 1 Pineapp 1 Mail-secure 2025-04-11 N/A
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
CVE-2013-7086 1 Webbynode 1 Webbynode 2025-04-11 N/A
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
CVE-2014-0661 1 Cisco 14 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300-65 and 11 more 2025-04-11 N/A
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.
CVE-2010-1120 1 Apple 2 Mac Os X, Safari 2025-04-11 N/A
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
CVE-2010-1121 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-11 N/A
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
CVE-2010-1177 1 Apple 2 Iphone Os, Safari 2025-04-11 N/A
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.
CVE-2010-1180 1 Apple 2 Iphone Os, Safari 2025-04-11 N/A
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
CVE-2013-4330 2 Apache, Redhat 10 Camel, Fuse Esb Enterprise, Fuse Management Console and 7 more 2025-04-11 N/A
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
CVE-2021-38117 2 Microfocus, Opentext 2 Imanager, Imanager 2025-04-10 8.8 High
Possible Command injection Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000.
CVE-2024-25706 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
CVE-2022-4800 1 Usememos 1 Memos 2025-04-10 6.5 Medium
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2024-51298 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-10 9.8 Critical
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
CVE-2022-38193 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.
CVE-2024-3788 1 Whitebearsolutions 1 Wbsairback 2025-04-10 6.6 Medium
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
CVE-2024-3785 1 Whitebearsolutions 1 Wbsairback 2025-04-10 6.6 Medium
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
CVE-2024-3786 1 Whitebearsolutions 1 Wbsairback 2025-04-10 6.6 Medium
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.