Total: 3411 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5647 | 1 Cybozu | 1 Garoon | 2015-10-13 | 8.5 HIGH | N/A |
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | |||||
CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2015-10-13 | 8.5 HIGH | N/A |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | |||||
CVE-2015-0845 | 1 Sixapart | 1 Movabletype | 2015-10-09 | 7.5 HIGH | N/A |
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. | |||||
CVE-2015-5643 | 1 Icz | 1 Matchasns | 2015-10-07 | 6.8 MEDIUM | N/A |
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
CVE-2015-5644 | 1 Icz | 1 Matchasns | 2015-10-07 | 6.8 MEDIUM | N/A |
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
CVE-2015-5687 | 1 Anchorcms | 1 Anchor Cms | 2015-10-06 | 7.5 HIGH | N/A |
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | |||||
CVE-2014-6446 | 1 Infusionsoft Gravity Forms Project | 1 Infusionsoft Gravity Forms | 2015-10-01 | 7.5 HIGH | N/A |
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php. | |||||
CVE-2015-7381 | 1 Refbase | 1 Refbase | 2015-09-29 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | |||||
CVE-2014-2331 | 1 Check Mk Project | 1 Check Mk | 2015-09-01 | 8.5 HIGH | N/A |
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. | |||||
CVE-2015-4338 | 1 Xcloner | 1 Xcloner | 2015-06-18 | 6.5 MEDIUM | N/A |
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php. | |||||
CVE-2015-2945 | 1 H-fj | 1 Mt-phpincgi | 2015-05-27 | 7.5 HIGH | N/A |
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015. | |||||
CVE-2015-0898 | 1 Futomi | 1 Mp Form Mail Cgi | 2015-03-27 | 7.5 HIGH | N/A |
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. | |||||
CVE-2014-3065 | 1 Ibm | 1 Java | 2015-03-18 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. | |||||
CVE-2015-1597 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 6.8 MEDIUM | N/A |
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. | |||||
CVE-2015-1501 | 1 Solarwinds | 1 Server And Application Monitor | 2015-02-17 | 6.8 MEDIUM | N/A |
The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allows remote attackers to execute arbitrary code via a UNC path to a crafted binary. | |||||
CVE-2014-0603 | 1 Attachmate | 1 Reflection Ftp Client | 2015-02-09 | 10.0 HIGH | N/A |
The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher. | |||||
CVE-2015-0925 | 1 Ipass | 1 Ipass Open Mobile | 2015-01-24 | 9.0 HIGH | N/A |
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname. | |||||
CVE-2013-2035 | 1 Redhat | 1 Hawtjni | 2015-01-18 | 4.4 MEDIUM | N/A |
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | |||||
CVE-2014-2223 | 1 Plogger | 1 Plogger | 2015-01-08 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/. | |||||
CVE-2014-2208 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 7.5 HIGH | N/A |
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. |