CWE:
 

Topic
Date
Author
High
Eramba 3.19.1 Remote Command Execution
01.08.2023
Sergey Makarov
High
WordPress Ninja Forms Code Injection
20.06.2022
Ramuel Gall
Med.
SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
22.05.2022
Fabian Hagg
High
iTop < 2.7.6 - (Authenticated) Remote command execution
22.05.2022
Alexandre Zanni
Low
FLEX 1085 Web 1.6.0 - HTML Injection
10.03.2022
Mr Empy
Med.
SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection
16.12.2021
Raschin Tavakoli
High
SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection
16.12.2021
Raschin Tavakoli
High
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
10.11.2021
Nick Decker
High
SAP XMII Remote Code Execution
15.06.2021
Nicolas Raus
High
IPS Community Suite 4.5.4.2 PHP Code Injection
31.05.2021
EgiX
High
WP Super Cache WordPress Plugin <= 1.7.1 - Authenticated RCE / XSS -> RCE
19.03.2021
m0ze
Med.
ExpressionEngine 6.0.2 PHP Code Injection
17.03.2021
EgiX
Med.
OpenMediaVault rpc.php Authenticated PHP Code Injection
25.11.2020
Anastasios Stasinopoul...
High
Netsweeper WebAdmin unixlogin.php Python Code Injection
13.05.2020
wvu
Med.
Total.js CMS 12 Widget JavaScript Code Injection (Metasploit)
23.10.2019
sinn3r
Med.
Total.js CMS 12 Widget JavaScript Code Injection
22.10.2019
sinn3r
High
pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection
25.09.2019
Nassim Asrir
High
Totaljs CMS 12.0 Widget Creation Code Injection
05.09.2019
Riccardo Krauter
Med.
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection
10.01.2019
Gjoko 'LiquidWorm' Krs...
Med.
Wifi-soft Unibox 2.x Remote Command / Code Injection
10.01.2019
Sahil Dhar
High
National Instruments Linux Driver Remote Code Injection
21.07.2018
Enrico Weigelt
Med.
Dolibarr ERP CRM 7.0.3 Code Injection
02.07.2018
om3rcitak
High
phpMyFAQ 2.9.9 Code Injection
18.11.2017
tomplixsee
Low
jRank - Topsites Script 1.0 - Cross-Site Request Forgery
11.09.2017
Ihsan Sencan
Med.
VMware Horizons macOS Client Code Injection
12.07.2017
Florian Bogner
Med.
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
11.05.2017
HaHwul
High
XenForo 1.5.x Remote Code Execution
16.12.2016
Vishal Mishra
Med.
Trend Micro Smart Protection Server Exec Remote Code Injection
15.11.2016
Keiser
High
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
20.10.2016
Nicolas CHATELAIN
High
Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection
17.08.2016
hyp3rlinx
High
IPS Community Suite 4.1.12.3 PHP Code Injection
09.07.2016
Egidio Romano
High
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
24.06.2016
Egidio Romano
High
Exponent 2.3.7 PHP Code Execution
12.02.2016
High-Tech Bridge Secur...
High
phpMyFAQ 2.7.9 PHP Code Injection
23.12.2015
indoushkan
Low
WordPress woocommerce plugin v2.4.12 PHP Code Injection Vulnerability
21.12.2015
indoushka
High
DMarket 1.0 Remote PHP Code Injection
08.12.2015
indoushka
High
Advantech Switch Bash Environment Variable Code Injection
02.12.2015
hdm
High
ATutor 2.2 PHP Code Injection
05.11.2015
Egidio Romano.
High
WordPress eShop 6.3.11 Code Execution
06.05.2015
High-Tech Bridge Secur...
Med.
Webshop hun v1.062S /index.php Multiple Parameters SQL
05.03.2015
Wang Jing
Low
RelateIQ Mail Encoding Script Code Injection
17.12.2014
Vulnerability Lab
High
WordPress CM Download Manager 2.0.0 Code Injection
21.11.2014
Phi Le Ngoc
High
MantisBT XmlImportExport Plugin PHP Code Injection
18.11.2014
Juan Escobar
High
CUPS Filter Bash Environment Variable Code Injection
29.10.2014
Brendan Coles
High
SAP HANA Web-based Development Workbench Code Injection
09.10.2014
Will Vandevanter
High
Pure-FTPd External Authentication Bash Environment Variable Code Injection
02.10.2014
Spencer
High
DHCP Client Bash Environment Variable Code Injection
29.09.2014
Ramon
High
Apache mod_cgi Bash Environment Variable Code Injection
28.09.2014
Juan vazquez
High
CGI Remote Code Injection by Bash Proof Of Concept
25.09.2014
Prakhar Prasad && Subh...
High
PayPal SecurityKey Card Serialnumber Module Code Injection
19.06.2014
Vulnerability Lab
High
EGroupware 1.8.006 Cross Site Request Forgery / Code Injection
16.05.2014
High-Tech Bridge Secur...
High
Eventum 2.3.4 Incorrect Permissions / Code Injection
29.01.2014
High-Tech Bridge Secur...
High
bloofoxCMS 0.5.0 CSRF / PHP Code Injection
18.01.2014
AtT4CKxT3rR0r1ST
High
openSIS 5.2 PHP Code Injection
08.12.2013
Egidio Romano
High
Eaton Network Shutdown Module 3.21 PHP Code Injection
07.12.2013
Filip Waeytens
High
ZoneDirector Code Injection
13.11.2013
Erik van Eijk
High
GLPI 0.84.1 Access Control & Code Injection
03.10.2013
High-Tech Bridge Secur...
High
vtiger CRM 5.4.0 PHP Code Injection
02.08.2013
Egidio Romano
High
Foreman (Red Hat OpenStack/Satellite) Code Injection
23.07.2013
Ramon de C Valle
High
230 CMS 1.1.2012 PHP Code Injection
13.06.2013
CWH Underground
High
mkCMS 3.6 PHP Code Injection
12.06.2013
CWH Underground
High
Lokboard 1.1 PHP Code Injection
11.06.2013
CWH Underground
High
MaxForum 2.0.0 Multiple Vulnerabilities
10.06.2013
CWH Underground
High
Napata CMS 1.5.2013 PHP Code Injection
06.06.2013
CWH Underground
High
CMS Gratis Indonesia PHP Code Injection
05.06.2013
CWH Underground
Low
PHP4DVD 2.0 Code Injection
03.06.2013
CWH Underground
High
PHPvocabtionary Code Injection
08.05.2013
Slotleet
High
phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit
30.04.2013
Ben Campbell
High
phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution
25.04.2013
waraxe
High
SAP NetWeaver Remote ABAP Code Injection
25.04.2013
ESNC
High
FUDforum 3.0.4 Code Injection
04.04.2013
High-Tech Bridge Secur...
High
SQLiteManager 1.2.4 PHP Code Injection
26.01.2013
RealGame
High
PHP Lite Admin 1.9.3 Code Injection
11.01.2013
L@usch
High
Elastix 2.3 PHP Code Injection
05.01.2013
Faris AKA i-Hmx
Low
Apple WGT Dictionnaire 1.3 Script Code Injection
28.11.2012
Vulnerability Lab
High
Wordpress Plugin BackWPup 1.6.1 Remote auth bypass
16.10.2012
Sense of Security
High
PhpTax pfilez Parameter Exec Remote Code Injection
10.10.2012
sinn3r
High
Am4ss 1.2 PHP Code Injection
04.08.2012
Faris , aka i-Hmx
High
MyWebFTP 5.3.3 & OurWebFTP 5.3.4 Remote PHP Code Execution Vulnerability
24.07.2012
condis
High
Pligg 0.9 BETA / 1.1.1 Multiple Vuln / Remote Code Execution
22.07.2012
BlackHawk
High
Log1 CMS writeInfo() PHP Code Injection
05.06.2012
sinn3r
Med.
ispVM System 18.0.2 XCF File Handling Overflow
30.05.2012
Unknown
High
Small CMS PHP Code Injection
28.05.2012
L3b-r1'z
High
PHP List 2.10.9 PHP Code Injection
28.05.2012
L3b-r1'z
High
WeBid converter.php Remote PHP Code Injection
26.05.2012
EgiX
High
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
24.05.2012
juan vazquez
High
Active Collab \"chat module\" 2.3.8 Remote PHP Code Injection
22.05.2012
mr_me
High
eLearning Server 4G Remote File Inclusion / SQL Injection
11.05.2012
Eugene Salov
High
phpEnter Code Injection
09.05.2012
L3b-r1'z
High
WebCalendar 1.2.4 Remote Code Injection (Metasploit)
01.05.2012
sinn3r
High
Microsoft MSCOMCTL ActiveX Buffer Overflow (MS12-027)
26.04.2012
juan vazquez and sinn3...
High
swDesk Shell Upload / Code Injection / XSS
02.02.2012
Red Security TEAM
Low
HostBill 2.3 Remote Code Injection
31.01.2012
Dr.DaShE
High
vBSEO 3.6.0 PHP Code Injection
31.01.2012
EgiX
High
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
30.12.2011
Egidio Romano aka EgiX
High
PHP 5.3.7+ issue is_a function
11.11.2011
Cipriano Groenendal
High
Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
11.11.2011
g1xsystem
High
HINNENDAHL.COM Gaestebuch 1.2 Remote File Inclusion Vulnerability
12.10.2011
bd0rk
High
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
26.08.2011
HP
High
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
24.08.2011
IBM


CVEMAP Search Results

CVE
Details
Description
2024-09-10
Waiting for details
CVE-2024-8478

Updating...
 

 
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

 
Waiting for details
CVE-2024-8268

Updating...
 

 
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leverage for privilege escalation by changing user's passwords.

 
Waiting for details
CVE-2024-6596

Updating...
 

 
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.

 
Waiting for details
CVE-2024-43469

Updating...
 

 
Azure CycleCloud Remote Code Execution Vulnerability

 
2024-09-07
Waiting for details
CVE-2024-8523

Updating...
 

 
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

 
2024-09-05
Waiting for details
CVE-2024-7627

Updating...
 

 
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.

 
2024-09-04
Waiting for details
CVE-2024-45507

Updating...
 

 
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

 
2024-08-20
Waiting for details
CVE-2024-43202

Updating...
 

 
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.

 
2024-08-17
Waiting for details
CVE-2024-7899

Updating...
 

 
A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue affects some unknown processing of the file /panel/pages/1/edit of the component Backend. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

 
2024-08-14
Waiting for details
CVE-2024-35136

Updating...
 

 
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 291307.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top