Search Results (6913 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6325 1 Symantec 1 Messaging Gateway 2025-04-20 N/A
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.
CVE-2017-15376 1 Mobatek 1 Mobaxterm 2025-04-20 9.8 Critical
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
CVE-2017-9774 1 Horde 1 Horde Image Api 2025-04-20 N/A
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
CVE-2014-4000 1 Cacti 1 Cacti 2025-04-20 N/A
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
CVE-2017-4964 1 Cloudfoundry 1 Bosh Azure Cpi 2025-04-20 8.8 High
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."
CVE-2015-9227 1 Alegrocart 1 Alegrocart 2025-04-20 N/A
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
CVE-2014-3927 1 Mrlg4php Project 1 Mrlg4php 2025-04-20 N/A
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
CVE-2017-7411 1 Enalean 1 Tuleap 2025-04-20 N/A
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
CVE-2017-11459 1 Sap 1 Trex 2025-04-20 N/A
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
CVE-2017-9442 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.
CVE-2017-14198 1 Squiz 1 Matrix 2025-04-20 N/A
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.
CVE-2017-10835 1 Nippon-antenna 2 Scr02hd, Scr02hd Firmware 2025-04-20 N/A
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors.
CVE-2016-4895 1 Setucocms Project 1 Setucocms 2025-04-20 N/A
SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors.
CVE-2017-2809 1 Ansible-vault Project 1 Ansible-vault 2025-04-20 N/A
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
CVE-2017-14146 1 Helpdezk 1 Helpdezk 2025-04-20 N/A
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.
CVE-2017-10844 1 Basercms 1 Basercms 2025-04-20 N/A
baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors.
CVE-2017-5543 1 Intelliants 1 Subrion 2025-04-20 N/A
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
CVE-2017-7321 1 Modx 1 Modx Revolution 2025-04-20 9.8 Critical
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
CVE-2017-14077 1 Phpcaptcha 1 Securimage 2025-04-20 N/A
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
CVE-2016-10157 1 Akamai 1 Netsession 2025-04-20 N/A
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.