Total
4764 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3154 | 1 Spip | 1 Spip | 2025-04-12 | N/A |
| The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | ||||
| CVE-2016-2098 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Rhel Software Collections, Rails and 1 more | 2025-04-12 | N/A |
| Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | ||||
| CVE-2016-1986 | 1 Hp | 1 Continuous Delivery Automation | 2025-04-12 | N/A |
| HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-2119 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2025-04-12 | 7.5 High |
| libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. | ||||
| CVE-2016-1413 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | N/A |
| The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | ||||
| CVE-2016-1000003 | 1 Mirror Manager Project | 1 Mirror Manager | 2025-04-12 | N/A |
| Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | ||||
| CVE-2016-0033 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." | ||||
| CVE-2016-10072 | 1 Wampserver | 1 Wampserver | 2025-04-12 | 5.3 Medium |
| WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer. | ||||
| CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2025-04-12 | N/A |
| HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2015-7729 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. | ||||
| CVE-2015-7905 | 1 Unitronics | 1 Visilogic Oplc Ide | 2025-04-12 | N/A |
| Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | ||||
| CVE-2015-6555 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | ||||
| CVE-2015-7381 | 1 Refbase | 1 Refbase | 2025-04-12 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | ||||
| CVE-2015-5721 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-04-12 | N/A |
| Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. | ||||
| CVE-2015-5693 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." | ||||
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | N/A |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | ||||
| CVE-2015-5647 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | ||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | ||||
| CVE-2015-5687 | 1 Anchorcms | 1 Anchor Cms | 2025-04-12 | N/A |
| system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | ||||
| CVE-2015-8761 | 1 Values Project | 1 Values | 2025-04-12 | N/A |
| The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | ||||