Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
High
Eramba 3.19.1 Remote Command Execution
01.08.2023
Sergey Makarov
High
WordPress Ninja Forms Code Injection
20.06.2022
Ramuel Gall
Med.
SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
22.05.2022
Fabian Hagg
High
iTop < 2.7.6 - (Authenticated) Remote command execution
22.05.2022
Alexandre Zanni
Low
FLEX 1085 Web 1.6.0 - HTML Injection
10.03.2022
Mr Empy
Med.
SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection
16.12.2021
Raschin Tavakoli
High
SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection
16.12.2021
Raschin Tavakoli
High
Dolibarr ERP / CRM 13.0.2 Remote Code Execution
10.11.2021
Nick Decker
High
SAP XMII Remote Code Execution
15.06.2021
Nicolas Raus
High
IPS Community Suite 4.5.4.2 PHP Code Injection
31.05.2021
EgiX
High
WP Super Cache WordPress Plugin <= 1.7.1 - Authenticated RCE / XSS -> RCE
19.03.2021
m0ze
Med.
ExpressionEngine 6.0.2 PHP Code Injection
17.03.2021
EgiX
Med.
OpenMediaVault rpc.php Authenticated PHP Code Injection
25.11.2020
Anastasios Stasinopoul...
High
Netsweeper WebAdmin unixlogin.php Python Code Injection
13.05.2020
wvu
Med.
Total.js CMS 12 Widget JavaScript Code Injection (Metasploit)
23.10.2019
sinn3r
Med.
Total.js CMS 12 Widget JavaScript Code Injection
22.10.2019
sinn3r
High
pfSense 2.3.4 / 2.4.4-p3 Remote Code Injection
25.09.2019
Nassim Asrir
High
Totaljs CMS 12.0 Widget Creation Code Injection
05.09.2019
Riccardo Krauter
Med.
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection
10.01.2019
Gjoko 'LiquidWorm' Krs...
Med.
Wifi-soft Unibox 2.x Remote Command / Code Injection
10.01.2019
Sahil Dhar
High
National Instruments Linux Driver Remote Code Injection
21.07.2018
Enrico Weigelt
Med.
Dolibarr ERP CRM 7.0.3 Code Injection
02.07.2018
om3rcitak
High
phpMyFAQ 2.9.9 Code Injection
18.11.2017
tomplixsee
Low
jRank - Topsites Script 1.0 - Cross-Site Request Forgery
11.09.2017
Ihsan Sencan
Med.
VMware Horizons macOS Client Code Injection
12.07.2017
Florian Bogner
Med.
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
11.05.2017
HaHwul
High
XenForo 1.5.x Remote Code Execution
16.12.2016
Vishal Mishra
Med.
Trend Micro Smart Protection Server Exec Remote Code Injection
15.11.2016
Keiser
High
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
20.10.2016
Nicolas CHATELAIN
High
Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection
17.08.2016
hyp3rlinx
High
IPS Community Suite 4.1.12.3 PHP Code Injection
09.07.2016
Egidio Romano
High
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
24.06.2016
Egidio Romano
High
Exponent 2.3.7 PHP Code Execution
12.02.2016
High-Tech Bridge Secur...
High
phpMyFAQ 2.7.9 PHP Code Injection
23.12.2015
indoushkan
Low
WordPress woocommerce plugin v2.4.12 PHP Code Injection Vulnerability
21.12.2015
indoushka
High
DMarket 1.0 Remote PHP Code Injection
08.12.2015
indoushka
High
Advantech Switch Bash Environment Variable Code Injection
02.12.2015
hdm
High
ATutor 2.2 PHP Code Injection
05.11.2015
Egidio Romano.
High
WordPress eShop 6.3.11 Code Execution
06.05.2015
High-Tech Bridge Secur...
Med.
Webshop hun v1.062S /index.php Multiple Parameters SQL
05.03.2015
Wang Jing
Low
RelateIQ Mail Encoding Script Code Injection
17.12.2014
Vulnerability Lab
High
WordPress CM Download Manager 2.0.0 Code Injection
21.11.2014
Phi Le Ngoc
High
MantisBT XmlImportExport Plugin PHP Code Injection
18.11.2014
Juan Escobar
High
CUPS Filter Bash Environment Variable Code Injection
29.10.2014
Brendan Coles
High
SAP HANA Web-based Development Workbench Code Injection
09.10.2014
Will Vandevanter
High
Pure-FTPd External Authentication Bash Environment Variable Code Injection
02.10.2014
Spencer
High
DHCP Client Bash Environment Variable Code Injection
29.09.2014
Ramon
High
Apache mod_cgi Bash Environment Variable Code Injection
28.09.2014
Juan vazquez
High
CGI Remote Code Injection by Bash Proof Of Concept
25.09.2014
Prakhar Prasad && Subh...
High
PayPal SecurityKey Card Serialnumber Module Code Injection
19.06.2014
Vulnerability Lab
High
EGroupware 1.8.006 Cross Site Request Forgery / Code Injection
16.05.2014
High-Tech Bridge Secur...
High
Eventum 2.3.4 Incorrect Permissions / Code Injection
29.01.2014
High-Tech Bridge Secur...
High
bloofoxCMS 0.5.0 CSRF / PHP Code Injection
18.01.2014
AtT4CKxT3rR0r1ST
High
openSIS 5.2 PHP Code Injection
08.12.2013
Egidio Romano
High
Eaton Network Shutdown Module 3.21 PHP Code Injection
07.12.2013
Filip Waeytens
High
ZoneDirector Code Injection
13.11.2013
Erik van Eijk
High
GLPI 0.84.1 Access Control & Code Injection
03.10.2013
High-Tech Bridge Secur...
High
vtiger CRM 5.4.0 PHP Code Injection
02.08.2013
Egidio Romano
High
Foreman (Red Hat OpenStack/Satellite) Code Injection
23.07.2013
Ramon de C Valle
High
230 CMS 1.1.2012 PHP Code Injection
13.06.2013
CWH Underground
High
mkCMS 3.6 PHP Code Injection
12.06.2013
CWH Underground
High
Lokboard 1.1 PHP Code Injection
11.06.2013
CWH Underground
High
MaxForum 2.0.0 Multiple Vulnerabilities
10.06.2013
CWH Underground
High
Napata CMS 1.5.2013 PHP Code Injection
06.06.2013
CWH Underground
High
CMS Gratis Indonesia PHP Code Injection
05.06.2013
CWH Underground
Low
PHP4DVD 2.0 Code Injection
03.06.2013
CWH Underground
High
PHPvocabtionary Code Injection
08.05.2013
Slotleet
High
phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit
30.04.2013
Ben Campbell
High
phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution
25.04.2013
waraxe
High
SAP NetWeaver Remote ABAP Code Injection
25.04.2013
ESNC
High
FUDforum 3.0.4 Code Injection
04.04.2013
High-Tech Bridge Secur...
High
SQLiteManager 1.2.4 PHP Code Injection
26.01.2013
RealGame
High
PHP Lite Admin 1.9.3 Code Injection
11.01.2013
L@usch
High
Elastix 2.3 PHP Code Injection
05.01.2013
Faris AKA i-Hmx
Low
Apple WGT Dictionnaire 1.3 Script Code Injection
28.11.2012
Vulnerability Lab
High
Wordpress Plugin BackWPup 1.6.1 Remote auth bypass
16.10.2012
Sense of Security
High
PhpTax pfilez Parameter Exec Remote Code Injection
10.10.2012
sinn3r
High
Am4ss 1.2 PHP Code Injection
04.08.2012
Faris , aka i-Hmx
High
MyWebFTP 5.3.3 & OurWebFTP 5.3.4 Remote PHP Code Execution Vulnerability
24.07.2012
condis
High
Pligg 0.9 BETA / 1.1.1 Multiple Vuln / Remote Code Execution
22.07.2012
BlackHawk
High
Log1 CMS writeInfo() PHP Code Injection
05.06.2012
sinn3r
Med.
ispVM System 18.0.2 XCF File Handling Overflow
30.05.2012
Unknown
High
Small CMS PHP Code Injection
28.05.2012
L3b-r1'z
High
PHP List 2.10.9 PHP Code Injection
28.05.2012
L3b-r1'z
High
WeBid converter.php Remote PHP Code Injection
26.05.2012
EgiX
High
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
24.05.2012
juan vazquez
High
Active Collab \"chat module\" 2.3.8 Remote PHP Code Injection
22.05.2012
mr_me
High
eLearning Server 4G Remote File Inclusion / SQL Injection
11.05.2012
Eugene Salov
High
phpEnter Code Injection
09.05.2012
L3b-r1'z
High
WebCalendar 1.2.4 Remote Code Injection (Metasploit)
01.05.2012
sinn3r
High
Microsoft MSCOMCTL ActiveX Buffer Overflow (MS12-027)
26.04.2012
juan vazquez and sinn3...
High
swDesk Shell Upload / Code Injection / XSS
02.02.2012
Red Security TEAM
Low
HostBill 2.3 Remote Code Injection
31.01.2012
Dr.DaShE
High
vBSEO 3.6.0 PHP Code Injection
31.01.2012
EgiX
High
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
30.12.2011
Egidio Romano aka EgiX
High
PHP 5.3.7+ issue is_a function
11.11.2011
Cipriano Groenendal
High
Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
11.11.2011
g1xsystem
High
HINNENDAHL.COM Gaestebuch 1.2 Remote File Inclusion Vulnerability
12.10.2011
bd0rk
High
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
26.08.2011
HP
High
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
24.08.2011
IBM
CVEMAP Search Results
CVE
Details
Description
2024-03-15
CVE-2024-2497
Updating...
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2024-03-12
CVE-2024-22127
Updating...
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.
2024-03-07
CVE-2024-0917
Updating...
confirmed
2024-02-27
CVE-2023-50379
Updating...
Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.
2024-02-22
CVE-2024-0220
Updating...
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding.This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.
2024-02-20
CVE-2024-1297
Updating...
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
CVE-2023-51770
Updating...
Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVE-2023-49109
Updating...
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
2024-02-13
CVE-2024-22131
Updating...
In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.
CVE-2023-51440
Updating...
A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.
Copyright
2024
, cxsecurity.com
Back to Top