Total: 3678 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3154 | 1 Spip | 1 Spip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | |||||
CVE-2016-3153 | 2 Debian, Spip | 2 Debian Linux, Spip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | |||||
CVE-2016-2242 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | |||||
CVE-2016-2119 | 1 Samba | 1 Samba | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. | |||||
CVE-2016-1986 | 1 Hp | 1 Continuous Delivery Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
CVE-2016-1602 | 1 Suse | 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | |||||
CVE-2016-1413 | 1 Cisco | 1 Firepower Management Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | |||||
CVE-2016-11064 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | |||||
CVE-2016-10546 | 1 Pouchdb | 1 Pouchdb | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An arbitrary code injection vector was found in PouchDB 6.0.4 and earlier via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. | |||||
CVE-2016-10541 | 1 Shell-quote Project | 1 Shell-quote | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape the ">" and "<" operators used for redirection in the shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | |||||
CVE-2016-10157 | 1 Akamai | 1 Netsession | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. | |||||
CVE-2016-10072 | 1 Wampserver | 1 Wampserver | 2024-11-21 | 6.9 MEDIUM | 5.3 MEDIUM |
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer." | |||||
CVE-2016-1000003 | 1 Mirror Manager Project | 1 Mirror Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | |||||
CVE-2016-0033 | 1 Microsoft | 1 .net Framework | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." | |||||
CVE-2015-9298 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The events-manager plugin before 5.6 for WordPress has code injection. | |||||
CVE-2015-9272 | 1 Videowhisper | 1 Video Presentation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | |||||
CVE-2015-9227 | 1 Alegrocart | 1 Alegrocart | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | |||||
CVE-2015-8771 | 1 Gosa Project | 1 Gosa Plugin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | |||||
CVE-2015-8761 | 1 Values Project | 1 Values | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. |