Total
6607 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2582 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-21 | 3.5 Low |
| A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification. | ||||
| CVE-2017-15806 | 1 Zetacomponents | 1 Mail | 2025-04-20 | N/A |
| The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | ||||
| CVE-2017-1469 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | N/A |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | ||||
| CVE-2017-14077 | 1 Phpcaptcha | 1 Securimage | 2025-04-20 | N/A |
| HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | ||||
| CVE-2017-4964 | 1 Cloudfoundry | 1 Bosh Azure Cpi | 2025-04-20 | 8.8 High |
| Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | ||||
| CVE-2017-8912 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 7.2 High |
| CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug. | ||||
| CVE-2015-6531 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | N/A |
| Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | ||||
| CVE-2017-7321 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 9.8 Critical |
| setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | ||||
| CVE-2017-7324 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 9.8 Critical |
| setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | ||||
| CVE-2017-9774 | 1 Horde | 1 Horde Image Api | 2025-04-20 | N/A |
| Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | ||||
| CVE-2014-8872 | 1 Avm | 4 Fritz\!box 6810 Lte, Fritz\!box 6810 Lte Firmware, Fritz\!box 6840 Lte and 1 more | 2025-04-20 | N/A |
| Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | ||||
| CVE-2016-7102 | 1 Owncloud | 1 Owncloud Desktop Client | 2025-04-20 | N/A |
| ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | ||||
| CVE-2017-7911 | 1 Cybervision | 1 Kaa Iot Platform | 2025-04-20 | N/A |
| A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | ||||
| CVE-2015-3638 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-20 | N/A |
| phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | ||||
| CVE-2017-6455 | 1 Ntp | 1 Ntp | 2025-04-20 | N/A |
| NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | ||||
| CVE-2017-11715 | 1 Metinfo Project | 1 Metinfo | 2025-04-20 | N/A |
| job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | ||||
| CVE-2014-4000 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | ||||
| CVE-2015-8351 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2025-04-20 | N/A |
| PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. | ||||
| CVE-2017-14146 | 1 Helpdezk | 1 Helpdezk | 2025-04-20 | N/A |
| HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | ||||
| CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2025-04-20 | N/A |
| A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | ||||