Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10835 1 Nippon-antenna 2 Scr02hd, Scr02hd Firmware 2025-04-20 N/A
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors.
CVE-2011-0469 1 Suse 1 Opensuse 2025-04-20 N/A
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.
CVE-2017-4964 1 Cloudfoundry 1 Bosh Azure Cpi 2025-04-20 8.8 High
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."
CVE-2014-3927 1 Mrlg4php Project 1 Mrlg4php 2025-04-20 N/A
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
CVE-2017-16783 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 9.8 Critical
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVE-2017-3753 1 Lenovo 219 63, 63 Firmware, H50-30g and 216 more 2025-04-20 N/A
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.
CVE-2017-10844 1 Basercms 1 Basercms 2025-04-20 N/A
baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.
CVE-2017-15935 1 Artica 1 Pandora Fms 2025-04-20 N/A
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.
CVE-2016-2242 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
CVE-2017-0899 3 Debian, Redhat, Rubygems 10 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 7 more 2025-04-20 N/A
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
CVE-2017-11421 1 Gnome-exe-thumbnailer Project 1 Gnome-exe-thumbnailer 2025-04-20 N/A
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.
CVE-2017-7570 1 Pivotx 1 Pivotx 2025-04-20 N/A
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
CVE-2017-9807 1 Openwebif Project 1 Openwebif 2025-04-20 N/A
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
CVE-2017-14764 1 Genixcms 1 Genixcms 2025-04-20 N/A
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.
CVE-2017-9771 1 Websitebaker 1 Websitebaker 2025-04-20 N/A
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
CVE-2017-7694 1 Getsymphony 1 Symphony 2025-04-20 N/A
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.
CVE-2017-15376 1 Mobatek 1 Mobaxterm 2025-04-20 9.8 Critical
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
CVE-2017-9774 1 Horde 1 Horde Image Api 2025-04-20 N/A
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
CVE-2017-15806 1 Zetacomponents 1 Mail 2025-04-20 N/A
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
CVE-2016-5726 1 Simplemachines 1 Simple Machines Forum 2025-04-20 N/A
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.