Total
5306 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0294 | 1 Microsoft | 1 Microsoft Forefront Protection 2010 | 2025-04-11 | N/A |
| Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability." | ||||
| CVE-2012-0671 | 1 Apple | 1 Quicktime | 2025-04-11 | N/A |
| Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file. | ||||
| CVE-2010-2132 | 1 Danny Ho | 1 Oes | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. | ||||
| CVE-2013-6829 | 1 Pineapp | 1 Mail-secure | 2025-04-11 | N/A |
| admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. | ||||
| CVE-2012-1879 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 8.1 High |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability." | ||||
| CVE-2010-1180 | 1 Apple | 2 Iphone Os, Safari | 2025-04-11 | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | ||||
| CVE-2010-2677 | 1 Openwebanalytics | 1 Open Web Analytics | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-0554 | 1 Symantec | 1 Im Manager | 2025-04-11 | N/A |
| The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." | ||||
| CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 18 Ubuntu Linux, Fedora, Firefox and 15 more | 2025-04-11 | 9.8 Critical |
| The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||||
| CVE-2011-0092 | 1 Microsoft | 1 Visio | 2025-04-11 | N/A |
| The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability." | ||||
| CVE-2010-2127 | 1 Jv2design | 1 Jv2 Folder Gallery | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | ||||
| CVE-2013-2950 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | N/A |
| CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2010-5038 | 1 Groonesworld | 1 Simple Contact Form | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
| CVE-2011-2747 | 1 Google | 1 Picasa | 2025-04-11 | N/A |
| Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file. | ||||
| CVE-2010-4879 | 1 Digitaljunkies | 1 Dompdf | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter. | ||||
| CVE-2010-4878 | 1 Hinnendahl | 1 Kontakt Formular | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | ||||
| CVE-2012-0136 | 1 Microsoft | 1 Visio Viewer | 2025-04-11 | N/A |
| Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138. | ||||
| CVE-2011-3231 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-11 | N/A |
| The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. | ||||
| CVE-2012-1661 | 1 Esri | 1 Arcmap | 2025-04-11 | N/A |
| ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. | ||||
| CVE-2011-3232 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | N/A |
| YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||||