Total
5490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14198 | 1 Squiz | 1 Matrix | 2025-04-20 | N/A |
| An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. | ||||
| CVE-2017-14077 | 1 Phpcaptcha | 1 Securimage | 2025-04-20 | N/A |
| HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | ||||
| CVE-2017-13676 | 1 Norton | 1 Remove \& Reinstall | 2025-04-20 | N/A |
| Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. | ||||
| CVE-2017-11760 | 1 Projeqtor | 1 Projeqtor | 2025-04-20 | N/A |
| uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | ||||
| CVE-2017-11715 | 1 Metinfo Project | 1 Metinfo | 2025-04-20 | N/A |
| job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | ||||
| CVE-2017-11675 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | N/A |
| The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | ||||
| CVE-2017-11585 | 1 Finecms | 1 Finecms | 2025-04-20 | N/A |
| dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | ||||
| CVE-2017-11459 | 1 Sap | 1 Trex | 2025-04-20 | N/A |
| SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | ||||
| CVE-2017-11167 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | ||||
| CVE-2017-10844 | 1 Basercms | 1 Basercms | 2025-04-20 | N/A |
| baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | ||||
| CVE-2017-10835 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | N/A |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | ||||
| CVE-2017-1001004 | 1 Typed Function Project | 1 Typed Function | 2025-04-20 | N/A |
| typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. | ||||
| CVE-2017-1001002 | 1 Mathjs | 1 Math.js | 2025-04-20 | N/A |
| math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. | ||||
| CVE-2016-8354 | 1 Schneider-electric | 1 Unity Pro | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | ||||
| CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | N/A |
| Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | ||||
| CVE-2016-7102 | 1 Owncloud | 1 Owncloud Desktop Client | 2025-04-20 | N/A |
| ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | ||||
| CVE-2017-1336 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | N/A |
| IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | ||||
| CVE-2016-5727 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-20 | N/A |
| LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | ||||
| CVE-2016-5726 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-20 | N/A |
| Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | ||||
| CVE-2016-6175 | 1 Php-gettext Project | 1 Php-gettext | 2025-04-20 | N/A |
| Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. | ||||