Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
High
Eramba 3.19.1 Remote Command Execution
01.08.2023
Sergey Makarov
High
WordPress Ninja Forms Code Injection
20.06.2022
Ramuel Gall
Med.
SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
22.05.2022
Fabian Hagg
High
iTop < 2.7.6 - (Authenticated) Remote command execution
22.05.2022
Alexandre Zanni
Low
FLEX 1085 Web 1.6.0 - HTML Injection
10.03.2022
Mr Empy
Med.
SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection
16.12.2021
Raschin Tavakoli
High
SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection
16.12.2021
Raschin Tavakoli
High
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
10.11.2021
Nick Decker
High
SAP XMII Remote Code Execution
15.06.2021
Nicolas Raus
High
IPS Community Suite 4.5.4.2 PHP Code Injection
31.05.2021
EgiX
High
WP Super Cache WordPress Plugin <= 1.7.1 - Authenticated RCE / XSS -> RCE
19.03.2021
m0ze
Med.
ExpressionEngine 6.0.2 PHP Code Injection
17.03.2021
EgiX
Med.
OpenMediaVault rpc.php Authenticated PHP Code Injection
25.11.2020
Anastasios Stasinopoul...
High
Netsweeper WebAdmin unixlogin.php Python Code Injection
13.05.2020
wvu
Med.
Total.js CMS 12 Widget JavaScript Code Injection (Metasploit)
23.10.2019
sinn3r
Med.
Total.js CMS 12 Widget JavaScript Code Injection
22.10.2019
sinn3r
High
pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection
25.09.2019
Nassim Asrir
High
Totaljs CMS 12.0 Widget Creation Code Injection
05.09.2019
Riccardo Krauter
Med.
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection
10.01.2019
Gjoko 'LiquidWorm' Krs...
Med.
Wifi-soft Unibox 2.x Remote Command / Code Injection
10.01.2019
Sahil Dhar
High
National Instruments Linux Driver Remote Code Injection
21.07.2018
Enrico Weigelt
Med.
Dolibarr ERP CRM 7.0.3 Code Injection
02.07.2018
om3rcitak
High
phpMyFAQ 2.9.9 Code Injection
18.11.2017
tomplixsee
Low
jRank - Topsites Script 1.0 - Cross-Site Request Forgery
11.09.2017
Ihsan Sencan
Med.
VMware Horizons macOS Client Code Injection
12.07.2017
Florian Bogner
Med.
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
11.05.2017
HaHwul
High
XenForo 1.5.x Remote Code Execution
16.12.2016
Vishal Mishra
Med.
Trend Micro Smart Protection Server Exec Remote Code Injection
15.11.2016
Keiser
High
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
20.10.2016
Nicolas CHATELAIN
High
Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection
17.08.2016
hyp3rlinx
High
IPS Community Suite 4.1.12.3 PHP Code Injection
09.07.2016
Egidio Romano
High
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
24.06.2016
Egidio Romano
High
Exponent 2.3.7 PHP Code Execution
12.02.2016
High-Tech Bridge Secur...
High
phpMyFAQ 2.7.9 PHP Code Injection
23.12.2015
indoushkan
Low
WordPress woocommerce plugin v2.4.12 PHP Code Injection Vulnerability
21.12.2015
indoushka
High
DMarket 1.0 Remote PHP Code Injection
08.12.2015
indoushka
High
Advantech Switch Bash Environment Variable Code Injection
02.12.2015
hdm
High
ATutor 2.2 PHP Code Injection
05.11.2015
Egidio Romano.
High
WordPress eShop 6.3.11 Code Execution
06.05.2015
High-Tech Bridge Secur...
Med.
Webshop hun v1.062S /index.php Multiple Parameters SQL
05.03.2015
Wang Jing
Low
RelateIQ Mail Encoding Script Code Injection
17.12.2014
Vulnerability Lab
High
WordPress CM Download Manager 2.0.0 Code Injection
21.11.2014
Phi Le Ngoc
High
MantisBT XmlImportExport Plugin PHP Code Injection
18.11.2014
Juan Escobar
High
CUPS Filter Bash Environment Variable Code Injection
29.10.2014
Brendan Coles
High
SAP HANA Web-based Development Workbench Code Injection
09.10.2014
Will Vandevanter
High
Pure-FTPd External Authentication Bash Environment Variable Code Injection
02.10.2014
Spencer
High
DHCP Client Bash Environment Variable Code Injection
29.09.2014
Ramon
High
Apache mod_cgi Bash Environment Variable Code Injection
28.09.2014
Juan vazquez
High
CGI Remote Code Injection by Bash Proof Of Concept
25.09.2014
Prakhar Prasad && Subh...
High
PayPal SecurityKey Card Serialnumber Module Code Injection
19.06.2014
Vulnerability Lab
High
EGroupware 1.8.006 Cross Site Request Forgery / Code Injection
16.05.2014
High-Tech Bridge Secur...
High
Eventum 2.3.4 Incorrect Permissions / Code Injection
29.01.2014
High-Tech Bridge Secur...
High
bloofoxCMS 0.5.0 CSRF / PHP Code Injection
18.01.2014
AtT4CKxT3rR0r1ST
High
openSIS 5.2 PHP Code Injection
08.12.2013
Egidio Romano
High
Eaton Network Shutdown Module 3.21 PHP Code Injection
07.12.2013
Filip Waeytens
High
ZoneDirector Code Injection
13.11.2013
Erik van Eijk
High
GLPI 0.84.1 Access Control & Code Injection
03.10.2013
High-Tech Bridge Secur...
High
vtiger CRM 5.4.0 PHP Code Injection
02.08.2013
Egidio Romano
High
Foreman (Red Hat OpenStack/Satellite) Code Injection
23.07.2013
Ramon de C Valle
High
230 CMS 1.1.2012 PHP Code Injection
13.06.2013
CWH Underground
High
mkCMS 3.6 PHP Code Injection
12.06.2013
CWH Underground
High
Lokboard 1.1 PHP Code Injection
11.06.2013
CWH Underground
High
MaxForum 2.0.0 Multiple Vulnerabilities
10.06.2013
CWH Underground
High
Napata CMS 1.5.2013 PHP Code Injection
06.06.2013
CWH Underground
High
CMS Gratis Indonesia PHP Code Injection
05.06.2013
CWH Underground
Low
PHP4DVD 2.0 Code Injection
03.06.2013
CWH Underground
High
PHPvocabtionary Code Injection
08.05.2013
Slotleet
High
phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit
30.04.2013
Ben Campbell
High
phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution
25.04.2013
waraxe
High
SAP NetWeaver Remote ABAP Code Injection
25.04.2013
ESNC
High
FUDforum 3.0.4 Code Injection
04.04.2013
High-Tech Bridge Secur...
High
SQLiteManager 1.2.4 PHP Code Injection
26.01.2013
RealGame
High
PHP Lite Admin 1.9.3 Code Injection
11.01.2013
L@usch
High
Elastix 2.3 PHP Code Injection
05.01.2013
Faris AKA i-Hmx
Low
Apple WGT Dictionnaire 1.3 Script Code Injection
28.11.2012
Vulnerability Lab
High
Wordpress Plugin BackWPup 1.6.1 Remote auth bypass
16.10.2012
Sense of Security
High
PhpTax pfilez Parameter Exec Remote Code Injection
10.10.2012
sinn3r
High
Am4ss 1.2 PHP Code Injection
04.08.2012
Faris , aka i-Hmx
High
MyWebFTP 5.3.3 & OurWebFTP 5.3.4 Remote PHP Code Execution Vulnerability
24.07.2012
condis
High
Pligg 0.9 BETA / 1.1.1 Multiple Vuln / Remote Code Execution
22.07.2012
BlackHawk
High
Log1 CMS writeInfo() PHP Code Injection
05.06.2012
sinn3r
Med.
ispVM System 18.0.2 XCF File Handling Overflow
30.05.2012
Unknown
High
Small CMS PHP Code Injection
28.05.2012
L3b-r1'z
High
PHP List 2.10.9 PHP Code Injection
28.05.2012
L3b-r1'z
High
WeBid converter.php Remote PHP Code Injection
26.05.2012
EgiX
High
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
24.05.2012
juan vazquez
High
Active Collab \"chat module\" 2.3.8 Remote PHP Code Injection
22.05.2012
mr_me
High
eLearning Server 4G Remote File Inclusion / SQL Injection
11.05.2012
Eugene Salov
High
phpEnter Code Injection
09.05.2012
L3b-r1'z
High
WebCalendar 1.2.4 Remote Code Injection (Metasploit)
01.05.2012
sinn3r
High
Microsoft MSCOMCTL ActiveX Buffer Overflow (MS12-027)
26.04.2012
juan vazquez and sinn3...
High
swDesk Shell Upload / Code Injection / XSS
02.02.2012
Red Security TEAM
Low
HostBill 2.3 Remote Code Injection
31.01.2012
Dr.DaShE
High
vBSEO 3.6.0 PHP Code Injection
31.01.2012
EgiX
High
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
30.12.2011
Egidio Romano aka EgiX
High
PHP 5.3.7+ issue is_a function
11.11.2011
Cipriano Groenendal
High
Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
11.11.2011
g1xsystem
High
HINNENDAHL.COM Gaestebuch 1.2 Remote File Inclusion Vulnerability
12.10.2011
bd0rk
High
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
26.08.2011
HP
High
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
24.08.2011
IBM
CVEMAP Search Results
CVE
Details
Description
2023-11-06
CVE-2023-46731
Updating...
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins).
2023-10-30
CVE-2023-5843
Updating...
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.
CVE-2023-43792
Updating...
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.
2023-10-16
CVE-2023-4861
Updating...
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.
2023-10-11
CVE-2023-43661
Updating...
Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.
2023-10-10
CVE-2023-43625
Updating...
A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.
2023-10-09
CVE-2023-44392
Updating...
Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run` objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the users machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available.
2023-09-30
CVE-2023-5201
Updating...
The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.
2023-09-27
CVE-2023-5221
Updating...
A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-43651
Updating...
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Copyright
2023
, cxsecurity.com
Back to Top
