Total
5306 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4257 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | N/A |
| The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | ||||
| CVE-2010-0020 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | N/A |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." | ||||
| CVE-2011-4786 | 1 Hp | 1 Easy Printer Care Software | 2025-04-11 | N/A |
| A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787. | ||||
| CVE-2012-1933 | 1 Sourcefabric | 1 Newscoop | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php. | ||||
| CVE-2013-2134 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
| Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. | ||||
| CVE-2011-3186 | 1 Rubyonrails | 1 Rails | 2025-04-11 | N/A |
| CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. | ||||
| CVE-2011-3310 | 2 Cisco, Microsoft | 2 Ciscoworks Common Services, Windows | 2025-04-11 | N/A |
| The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. | ||||
| CVE-2013-1898 | 1 Digineo | 1 Thumbshooter | 2025-04-11 | N/A |
| lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
| CVE-2010-2146 | 1 Graviton-mediatech | 1 Visitor Logger | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. | ||||
| CVE-2013-6830 | 1 Pineapp | 1 Mail-secure 5099sk | 2025-04-11 | N/A |
| admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation. | ||||
| CVE-2011-4260 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. | ||||
| CVE-2011-2984 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | ||||
| CVE-2011-2964 | 2 Linuxfoundation, Redhat | 2 Foomatic, Enterprise Linux | 2025-04-11 | N/A |
| foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697. | ||||
| CVE-2011-4251 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | N/A |
| RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file. | ||||
| CVE-2012-0927 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | N/A |
| Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. | ||||
| CVE-2013-6948 | 1 Belkin | 1 Wemo Home Automation Firmware | 2025-04-11 | N/A |
| The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-1349 | 1 Os4ed | 1 Opensis | 2025-04-11 | N/A |
| Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. | ||||
| CVE-2013-0614 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2025-04-11 | N/A |
| Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0618. | ||||
| CVE-2013-4830 | 1 Hp | 1 Service Manager | 2025-04-11 | N/A |
| HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. | ||||
| CVE-2012-0138 | 1 Microsoft | 1 Visio Viewer | 2025-04-11 | N/A |
| Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137. | ||||