Total
5730 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9862 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | ||||
| CVE-2016-3154 | 1 Spip | 1 Spip | 2025-04-12 | N/A |
| The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | ||||
| CVE-2014-0251 | 1 Microsoft | 8 Office Web Apps Server, Project Server, Sharepoint Designer and 5 more | 2025-04-12 | N/A |
| Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability." | ||||
| CVE-2015-7905 | 1 Unitronics | 1 Visilogic Oplc Ide | 2025-04-12 | N/A |
| Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | ||||
| CVE-2015-7729 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. | ||||
| CVE-2015-7381 | 1 Refbase | 1 Refbase | 2025-04-12 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | ||||
| CVE-2015-6555 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | ||||
| CVE-2015-4338 | 1 Xcloner | 1 Xcloner | 2025-04-12 | N/A |
| Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php. | ||||
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | N/A |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | ||||
| CVE-2015-5693 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." | ||||
| CVE-2015-5687 | 1 Anchorcms | 1 Anchor Cms | 2025-04-12 | N/A |
| system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | ||||
| CVE-2015-5647 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | ||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | ||||
| CVE-2015-5644 | 1 Icz | 1 Matchasns | 2025-04-12 | N/A |
| The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2015-5603 | 1 Atlassian | 1 Hipchat | 2025-04-12 | N/A |
| The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." | ||||
| CVE-2015-4726 | 1 Audiosharescript | 1 Audioshare | 2025-04-12 | N/A |
| PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter. | ||||
| CVE-2015-3446 | 1 Alienvault | 1 Unified Security Management | 2025-04-12 | N/A |
| The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | ||||
| CVE-2014-3065 | 2 Ibm, Redhat | 3 Java, Network Satellite, Rhel Extras | 2025-04-12 | N/A |
| Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. | ||||
| CVE-2015-8761 | 1 Values Project | 1 Values | 2025-04-12 | N/A |
| The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | ||||
| CVE-2015-2171 | 1 Slimframework | 1 Slim | 2025-04-12 | N/A |
| Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. | ||||