CWE:
 

Topic
Date
Author
High
Netsweeper WebAdmin unixlogin.php Python Code Injection
13.05.2020
wvu
Med.
Total.js CMS 12 Widget JavaScript Code Injection (Metasploit)
23.10.2019
sinn3r
Med.
Total.js CMS 12 Widget JavaScript Code Injection
22.10.2019
sinn3r
High
pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection
25.09.2019
Nassim Asrir
High
Totaljs CMS 12.0 Widget Creation Code Injection
05.09.2019
Riccardo Krauter
Med.
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection
10.01.2019
Gjoko 'LiquidWorm' Krs...
Med.
Wifi-soft Unibox 2.x Remote Command / Code Injection
10.01.2019
Sahil Dhar
High
National Instruments Linux Driver Remote Code Injection
21.07.2018
Enrico Weigelt
Med.
Dolibarr ERP CRM 7.0.3 Code Injection
02.07.2018
om3rcitak
High
phpMyFAQ 2.9.9 Code Injection
18.11.2017
tomplixsee
Low
jRank - Topsites Script 1.0 - Cross-Site Request Forgery
11.09.2017
Ihsan Sencan
Med.
VMware Horizons macOS Client Code Injection
12.07.2017
Florian Bogner
Med.
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
11.05.2017
HaHwul
High
XenForo 1.5.x Remote Code Execution
16.12.2016
Vishal Mishra
Med.
Trend Micro Smart Protection Server Exec Remote Code Injection
15.11.2016
Keiser
High
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
20.10.2016
Nicolas CHATELAIN
High
Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection
17.08.2016
hyp3rlinx
High
IPS Community Suite 4.1.12.3 PHP Code Injection
09.07.2016
Egidio Romano
High
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
24.06.2016
Egidio Romano
High
Exponent 2.3.7 PHP Code Execution
12.02.2016
High-Tech Bridge Secur...
High
phpMyFAQ 2.7.9 PHP Code Injection
23.12.2015
indoushkan
Low
WordPress woocommerce plugin v2.4.12 PHP Code Injection Vulnerability
21.12.2015
indoushka
High
DMarket 1.0 Remote PHP Code Injection
08.12.2015
indoushka
High
Advantech Switch Bash Environment Variable Code Injection
02.12.2015
hdm
High
ATutor 2.2 PHP Code Injection
05.11.2015
Egidio Romano.
High
WordPress eShop 6.3.11 Code Execution
06.05.2015
High-Tech Bridge Secur...
Med.
Webshop hun v1.062S /index.php Multiple Parameters SQL
05.03.2015
Wang Jing
Low
RelateIQ Mail Encoding Script Code Injection
17.12.2014
Vulnerability Lab
High
WordPress CM Download Manager 2.0.0 Code Injection
21.11.2014
Phi Le Ngoc
High
MantisBT XmlImportExport Plugin PHP Code Injection
18.11.2014
Juan Escobar
High
CUPS Filter Bash Environment Variable Code Injection
29.10.2014
Brendan Coles
High
SAP HANA Web-based Development Workbench Code Injection
09.10.2014
Will Vandevanter
High
Pure-FTPd External Authentication Bash Environment Variable Code Injection
02.10.2014
Spencer
High
DHCP Client Bash Environment Variable Code Injection
29.09.2014
Ramon
High
Apache mod_cgi Bash Environment Variable Code Injection
28.09.2014
Juan vazquez
High
CGI Remote Code Injection by Bash Proof Of Concept
25.09.2014
Prakhar Prasad && Subh...
High
PayPal SecurityKey Card Serialnumber Module Code Injection
19.06.2014
Vulnerability Lab
High
EGroupware 1.8.006 Cross Site Request Forgery / Code Injection
16.05.2014
High-Tech Bridge Secur...
High
Eventum 2.3.4 Incorrect Permissions / Code Injection
29.01.2014
High-Tech Bridge Secur...
High
bloofoxCMS 0.5.0 CSRF / PHP Code Injection
18.01.2014
AtT4CKxT3rR0r1ST
High
openSIS 5.2 PHP Code Injection
08.12.2013
Egidio Romano
High
Eaton Network Shutdown Module 3.21 PHP Code Injection
07.12.2013
Filip Waeytens
High
ZoneDirector Code Injection
13.11.2013
Erik van Eijk
High
GLPI 0.84.1 Access Control & Code Injection
03.10.2013
High-Tech Bridge Secur...
High
vtiger CRM 5.4.0 PHP Code Injection
02.08.2013
Egidio Romano
High
Foreman (Red Hat OpenStack/Satellite) Code Injection
23.07.2013
Ramon de C Valle
High
230 CMS 1.1.2012 PHP Code Injection
13.06.2013
CWH Underground
High
mkCMS 3.6 PHP Code Injection
12.06.2013
CWH Underground
High
Lokboard 1.1 PHP Code Injection
11.06.2013
CWH Underground
High
MaxForum 2.0.0 Multiple Vulnerabilities
10.06.2013
CWH Underground
High
Napata CMS 1.5.2013 PHP Code Injection
06.06.2013
CWH Underground
High
CMS Gratis Indonesia PHP Code Injection
05.06.2013
CWH Underground
Low
PHP4DVD 2.0 Code Injection
03.06.2013
CWH Underground
High
PHPvocabtionary Code Injection
08.05.2013
Slotleet
High
phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit
30.04.2013
Ben Campbell
High
phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution
25.04.2013
waraxe
High
SAP NetWeaver Remote ABAP Code Injection
25.04.2013
ESNC
High
FUDforum 3.0.4 Code Injection
04.04.2013
High-Tech Bridge Secur...
High
SQLiteManager 1.2.4 PHP Code Injection
26.01.2013
RealGame
High
PHP Lite Admin 1.9.3 Code Injection
11.01.2013
L@usch
High
Elastix 2.3 PHP Code Injection
05.01.2013
Faris AKA i-Hmx
Low
Apple WGT Dictionnaire 1.3 Script Code Injection
28.11.2012
Vulnerability Lab
High
Wordpress Plugin BackWPup 1.6.1 Remote auth bypass
16.10.2012
Sense of Security
High
PhpTax pfilez Parameter Exec Remote Code Injection
10.10.2012
sinn3r
High
Am4ss 1.2 PHP Code Injection
04.08.2012
Faris , aka i-Hmx
High
MyWebFTP 5.3.3 & OurWebFTP 5.3.4 Remote PHP Code Execution Vulnerability
24.07.2012
condis
High
Pligg 0.9 BETA / 1.1.1 Multiple Vuln / Remote Code Execution
22.07.2012
BlackHawk
High
Log1 CMS writeInfo() PHP Code Injection
05.06.2012
sinn3r
Med.
ispVM System 18.0.2 XCF File Handling Overflow
30.05.2012
Unknown
High
Small CMS PHP Code Injection
28.05.2012
L3b-r1'z
High
PHP List 2.10.9 PHP Code Injection
28.05.2012
L3b-r1'z
High
WeBid converter.php Remote PHP Code Injection
26.05.2012
EgiX
High
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
24.05.2012
juan vazquez
High
Active Collab \"chat module\" 2.3.8 Remote PHP Code Injection
22.05.2012
mr_me
High
eLearning Server 4G Remote File Inclusion / SQL Injection
11.05.2012
Eugene Salov
High
phpEnter Code Injection
09.05.2012
L3b-r1'z
High
WebCalendar 1.2.4 Remote Code Injection (Metasploit)
01.05.2012
sinn3r
High
Microsoft MSCOMCTL ActiveX Buffer Overflow (MS12-027)
26.04.2012
juan vazquez and sinn3...
High
swDesk Shell Upload / Code Injection / XSS
02.02.2012
Red Security TEAM
Low
HostBill 2.3 Remote Code Injection
31.01.2012
Dr.DaShE
High
vBSEO 3.6.0 PHP Code Injection
31.01.2012
EgiX
High
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
30.12.2011
Egidio Romano aka EgiX
High
PHP 5.3.7+ issue is_a function
11.11.2011
Cipriano Groenendal
High
Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
11.11.2011
g1xsystem
High
HINNENDAHL.COM Gaestebuch 1.2 Remote File Inclusion Vulnerability
12.10.2011
bd0rk
High
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
26.08.2011
HP
High
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
24.08.2011
IBM
High
phpMyAdmin 3.x Multiple Remote Code Executions
19.07.2011
Mango
High
HP Service Manager and HP Service Center Multiple Vulns
16.06.2011
HP
High
AWStats Totals =< v1.14 multisort Remote Command Execution
27.05.2011
metasploit
High
Symantec IM Manager Eval Code Injection Remote Code Execution Vulnerability
03.02.2011
ZDI
Med.
Simploo CMS Community Edition - Remote PHP Code Execution Issue
19.01.2011
David Vieira-Kurz of M...
High
Real Networks RealPlayer SP \'RecordClip\' Method Remote Code Execution
15.01.2011
Sean de Regge
High
SiteScape Enterprise Forum 7 TCL Injection
15.01.2011
Spencer McIntyre
High
Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
07.12.2010
Juan Galiana Lara
High
AWStats 6.95 and Older Remote Command Execution When Installed on Windows Apache Tomcat
03.12.2010
StenoPlasma
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Landesk OS command injection
18.11.2010
Aureliano Calvo
High
Microsoft Office HtmlDlgHelper class memory corruption
17.10.2010
CORE
High
Firefox 3.5.10 & 3.6.6 WMP Memory Corruption Using Popups
15.10.2010
SkyLined


CVEMAP Search Results

CVE
Details
Description
2020-09-11
Medium
CVE-2020-1218

Vendor: Microsoft
Software: 365 apps
 

 
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338.

 
Medium
CVE-2020-1338

Vendor: Microsoft
Software: 365 apps
 

 
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218.

 
High
CVE-2020-1508

Vendor: Microsoft
Software: Windows 10
 

 
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1593.

 
High
CVE-2020-16874

Vendor: Microsoft
Software: Visual studio
 

 
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.

 
High
CVE-2020-16875

Vendor: Microsoft
Software: Exchange server
 

 
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'.

 
2020-09-10
Medium
CVE-2020-15171

Vendor: Xwiki
Software: Xwiki
 

 
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users.

 
2020-09-09
Medium
CVE-2020-6318

Vendor: SAP
Software: Abap platform
 

 
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.

 
2020-09-03
Medium
CVE-2020-7381

Vendor: Rapid7
Software: Nexpose
 

 
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name.

 
High
CVE-2020-9199

Updating...
 

 
B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.

 
2020-09-02
Waiting for details
CVE-2020-15167

Updating...
 

 
In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top