CWE:
 

Topic
Date
Author
High
phpMyFAQ 2.9.9 Code Injection
18.11.2017
tomplixsee
Low
jRank - Topsites Script 1.0 - Cross-Site Request Forgery
11.09.2017
Ihsan Sencan
Med.
VMware Horizons macOS Client Code Injection
12.07.2017
Florian Bogner
Med.
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
11.05.2017
HaHwul
High
XenForo 1.5.x Remote Code Execution
16.12.2016
Vishal Mishra
Med.
Trend Micro Smart Protection Server Exec Remote Code Injection
15.11.2016
Keiser
High
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
20.10.2016
Nicolas CHATELAIN
High
Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection
17.08.2016
hyp3rlinx
High
IPS Community Suite 4.1.12.3 PHP Code Injection
09.07.2016
Egidio Romano
High
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
24.06.2016
Egidio Romano
High
Exponent 2.3.7 PHP Code Execution
12.02.2016
High-Tech Bridge Secur...
High
phpMyFAQ 2.7.9 PHP Code Injection
23.12.2015
indoushkan
Low
WordPress woocommerce plugin v2.4.12 PHP Code Injection Vulnerability
21.12.2015
indoushka
High
DMarket 1.0 Remote PHP Code Injection
08.12.2015
indoushka
High
Advantech Switch Bash Environment Variable Code Injection
02.12.2015
hdm
High
ATutor 2.2 PHP Code Injection
05.11.2015
Egidio Romano.
High
WordPress eShop 6.3.11 Code Execution
06.05.2015
High-Tech Bridge Secur...
Med.
Webshop hun v1.062S /index.php Multiple Parameters SQL
05.03.2015
Wang Jing
Low
RelateIQ Mail Encoding Script Code Injection
17.12.2014
Vulnerability Lab
High
WordPress CM Download Manager 2.0.0 Code Injection
21.11.2014
Phi Le Ngoc
High
MantisBT XmlImportExport Plugin PHP Code Injection
18.11.2014
Juan Escobar
High
CUPS Filter Bash Environment Variable Code Injection
29.10.2014
Brendan Coles
High
SAP HANA Web-based Development Workbench Code Injection
09.10.2014
Will Vandevanter
High
Pure-FTPd External Authentication Bash Environment Variable Code Injection
02.10.2014
Spencer
High
DHCP Client Bash Environment Variable Code Injection
29.09.2014
Ramon
High
Apache mod_cgi Bash Environment Variable Code Injection
28.09.2014
Juan vazquez
High
CGI Remote Code Injection by Bash Proof Of Concept
25.09.2014
Prakhar Prasad && Subh...
High
PayPal SecurityKey Card Serialnumber Module Code Injection
19.06.2014
Vulnerability Lab
High
EGroupware 1.8.006 Cross Site Request Forgery / Code Injection
16.05.2014
High-Tech Bridge Secur...
High
Eventum 2.3.4 Incorrect Permissions / Code Injection
29.01.2014
High-Tech Bridge Secur...
High
bloofoxCMS 0.5.0 CSRF / PHP Code Injection
18.01.2014
AtT4CKxT3rR0r1ST
High
openSIS 5.2 PHP Code Injection
08.12.2013
Egidio Romano
High
Eaton Network Shutdown Module 3.21 PHP Code Injection
07.12.2013
Filip Waeytens
High
ZoneDirector Code Injection
13.11.2013
Erik van Eijk
High
GLPI 0.84.1 Access Control & Code Injection
03.10.2013
High-Tech Bridge Secur...
High
vtiger CRM 5.4.0 PHP Code Injection
02.08.2013
Egidio Romano
High
Foreman (Red Hat OpenStack/Satellite) Code Injection
23.07.2013
Ramon de C Valle
High
230 CMS 1.1.2012 PHP Code Injection
13.06.2013
CWH Underground
High
mkCMS 3.6 PHP Code Injection
12.06.2013
CWH Underground
High
Lokboard 1.1 PHP Code Injection
11.06.2013
CWH Underground
High
MaxForum 2.0.0 Multiple Vulnerabilities
10.06.2013
CWH Underground
High
Napata CMS 1.5.2013 PHP Code Injection
06.06.2013
CWH Underground
High
CMS Gratis Indonesia PHP Code Injection
05.06.2013
CWH Underground
Low
PHP4DVD 2.0 Code Injection
03.06.2013
CWH Underground
High
PHPvocabtionary Code Injection
08.05.2013
Slotleet
High
phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit
30.04.2013
Ben Campbell
High
phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution
25.04.2013
waraxe
High
SAP NetWeaver Remote ABAP Code Injection
25.04.2013
ESNC
High
FUDforum 3.0.4 Code Injection
04.04.2013
High-Tech Bridge Secur...
High
SQLiteManager 1.2.4 PHP Code Injection
26.01.2013
RealGame
High
PHP Lite Admin 1.9.3 Code Injection
11.01.2013
L@usch
High
Elastix 2.3 PHP Code Injection
05.01.2013
Faris AKA i-Hmx
Low
Apple WGT Dictionnaire 1.3 Script Code Injection
28.11.2012
Vulnerability Lab
High
Wordpress Plugin BackWPup 1.6.1 Remote auth bypass
16.10.2012
Sense of Security
High
PhpTax pfilez Parameter Exec Remote Code Injection
10.10.2012
sinn3r
High
Am4ss 1.2 PHP Code Injection
04.08.2012
Faris , aka i-Hmx
High
MyWebFTP 5.3.3 & OurWebFTP 5.3.4 Remote PHP Code Execution Vulnerability
24.07.2012
condis
High
Pligg 0.9 BETA / 1.1.1 Multiple Vuln / Remote Code Execution
22.07.2012
BlackHawk
High
Log1 CMS writeInfo() PHP Code Injection
05.06.2012
sinn3r
Med.
ispVM System 18.0.2 XCF File Handling Overflow
30.05.2012
Unknown
High
Small CMS PHP Code Injection
28.05.2012
L3b-r1'z
High
PHP List 2.10.9 PHP Code Injection
28.05.2012
L3b-r1'z
High
WeBid converter.php Remote PHP Code Injection
26.05.2012
EgiX
High
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
24.05.2012
juan vazquez
High
Active Collab \"chat module\" 2.3.8 Remote PHP Code Injection
22.05.2012
mr_me
High
eLearning Server 4G Remote File Inclusion / SQL Injection
11.05.2012
Eugene Salov
High
phpEnter Code Injection
09.05.2012
L3b-r1'z
High
WebCalendar 1.2.4 Remote Code Injection (Metasploit)
01.05.2012
sinn3r
High
Microsoft MSCOMCTL ActiveX Buffer Overflow (MS12-027)
26.04.2012
juan vazquez and sinn3...
High
swDesk Shell Upload / Code Injection / XSS
02.02.2012
Red Security TEAM
Low
HostBill 2.3 Remote Code Injection
31.01.2012
Dr.DaShE
High
vBSEO 3.6.0 PHP Code Injection
31.01.2012
EgiX
High
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
30.12.2011
Egidio Romano aka EgiX
High
PHP 5.3.7+ issue is_a function
11.11.2011
Cipriano Groenendal
High
Groones Simple Contact Form (abspath) Remote File Inclusion Vulnerability
11.11.2011
g1xsystem
High
HINNENDAHL.COM Gaestebuch 1.2 Remote File Inclusion Vulnerability
12.10.2011
bd0rk
High
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
26.08.2011
HP
High
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
24.08.2011
IBM
High
phpMyAdmin 3.x Multiple Remote Code Executions
19.07.2011
Mango
High
HP Service Manager and HP Service Center Multiple Vulns
16.06.2011
HP
High
AWStats Totals =< v1.14 multisort Remote Command Execution
27.05.2011
metasploit
High
Symantec IM Manager Eval Code Injection Remote Code Execution Vulnerability
03.02.2011
ZDI
Med.
Simploo CMS Community Edition - Remote PHP Code Execution Issue
19.01.2011
David Vieira-Kurz of M...
High
Real Networks RealPlayer SP \'RecordClip\' Method Remote Code Execution
15.01.2011
Sean de Regge
High
SiteScape Enterprise Forum 7 TCL Injection
15.01.2011
Spencer McIntyre
High
Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
07.12.2010
Juan Galiana Lara
High
AWStats 6.95 and Older Remote Command Execution When Installed on Windows Apache Tomcat
03.12.2010
StenoPlasma
High
Cisco Unified Videoconferencing multiple vulnerabilities
24.11.2010
Florent Daigniere
High
Landesk OS command injection
18.11.2010
Aureliano Calvo
High
Microsoft Office HtmlDlgHelper class memory corruption
17.10.2010
CORE
High
Firefox 3.5.10 & 3.6.6 WMP Memory Corruption Using Popups
15.10.2010
SkyLined
High
IBM TSM FastBack Server _SendToLog Remote Code Execution VulnerabilityBM TSM FastBack Server _SendToLog Remote Code Execution Vu
07.10.2010
ZDI
High
IBM TSM FastBack Mount Service Arbitrary Overwrite Remote Code Execution Vulnerability
07.10.2010
ZDI
Med.
FFmpeg/libavcodec arbitrary offset dereference
06.10.2010
Andrea Barisani
High
Microsoft Excel SxView Record Parsing Heap Memory Corruption
01.10.2010
Abysssec
High
Microsoft Internet Explorer MSHTML Findtext Processing Issue
01.10.2010
Abysssec
High
Microsoft Excel OBJ Record Stack Overflow
30.09.2010
Abysssec
High
Microsoft Cinepak Codec CVDecompress Heap Overflow
30.09.2010
Abysssec
High
Microsoft Excel OBJ Record Stack Overflow
28.09.2010
Abysssec
High
Microsoft Excel WOPT Record Parsing Heap Memory Corruption
22.09.2010
Abysssec


CVEMAP Search Results

CVE
Details
Description
2018-05-11
Medium
CVE-2018-1260

Vendor: Pivotal
Software: Spring secur...
 

 
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

 
2018-05-09
Medium
CVE-2018-2418

Updating...
 

 
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

 
2018-05-04
Medium
CVE-2018-10740

Vendor: Axublog
Software: Axublog
 

 
Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file.

 
2018-05-02
Medium
CVE-2018-1104

Vendor: Redhat
Software: Ansible tower
 

 
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.

 
2018-05-01
Medium
CVE-2018-8938

Vendor: Ipswitch
Software: Whatsup gold
 

 
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.

 
Medium
CVE-2018-10255

Vendor: Clustercoding
Software: Blog master pro
 

 
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

 
Medium
CVE-2018-10257

Vendor: Hrsale project
Software: Hrsale
 

 
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

 
Medium
CVE-2018-10258

Vendor: Codeslab
Software: Shopy point ...
 

 
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

 
2018-04-30
Medium
CVE-2018-10574

Vendor: Bigtreecms
Software: Bigtree cms
 

 
site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows remote attackers to upload and execute arbitrary PHP code because the BigTreeStorage class in core/inc/bigtree/apis/storage.php does not prevent uploads of .htaccess files.

 
2018-04-27
Medium
CVE-2018-10515

Vendor: Cmsmadesimple
Software: Cms made simple
 

 
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top