Total: 3411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3306 | 1 Richrumble | 1 Clearsite | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter. | |||||
| CVE-2009-3220 | 1 Tecnick | 1 Aiocp | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2009-3114 | 1 Ibm | 1 Lotus Notes | 2018-10-10 | 7.5 HIGH | N/A |
| The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K. | |||||
| CVE-2009-2628 | 1 Vmware | 4 Ace, Movie Decoder, Player and 1 more | 2018-10-10 | 9.3 HIGH | N/A |
| The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption. | |||||
| CVE-2009-2353 | 1 Eaccelerator | 1 Eaccelerator | 2018-10-10 | 6.8 MEDIUM | N/A |
| encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files. | |||||
| CVE-2009-2270 | 1 Dedecms | 1 Dedecms | 2018-10-10 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename. | |||||
| CVE-2009-2262 | 1 Myiosoft | 1 Ajaxportal | 2018-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder. | |||||
| CVE-2009-1719 | 2 Apple, Sun | 3 Mac Os X, Mac Os X Server, Jre | 2018-10-10 | 7.5 HIGH | N/A |
| The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. | |||||
| CVE-2009-1571 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | |||||
| CVE-2009-1469 | 1 Icewarp | 2 Email Server, Webmail Server | 2018-10-10 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message. | |||||
| CVE-2009-1383 | 1 Forkosh | 1 Mathtex | 2018-10-10 | 7.5 HIGH | N/A |
| The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag. | |||||
| CVE-2009-1102 | 1 Sun | 1 Java | 2018-10-10 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | |||||
| CVE-2009-1088 | 1 Hannonhill | 1 Cascade | 2018-10-10 | 9.0 HIGH | N/A |
| Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime. | |||||
| CVE-2009-0945 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2018-10-10 | 9.3 HIGH | N/A |
| Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | |||||
| CVE-2009-0811 | 1 Sopcast | 1 Sopcore Activex Control | 2018-10-10 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method. | |||||
| CVE-2009-0677 | 1 Ravenphpscripts | 1 Ravennuke | 2018-10-10 | 6.5 MEDIUM | N/A |
| avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array. | |||||
| CVE-2009-0674 | 1 Ravenphpscripts | 1 Ravennuke | 2018-10-10 | 6.0 MEDIUM | N/A |
| images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames. | |||||
| CVE-2009-0673 | 1 Ravenphpscripts | 1 Ravennuke | 2018-10-10 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. | |||||
| CVE-2009-0572 | 1 Flatnux | 1 Flatnux | 2018-10-10 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php. | |||||
| CVE-2016-2242 | 1 Exponentcms | 1 Exponent Cms | 2018-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | |||||
