Search Results (6987 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7102 1 Owncloud 1 Owncloud Desktop Client 2025-04-20 N/A
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
CVE-2016-1602 1 Suse 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server 2025-04-20 N/A
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
CVE-2015-9227 1 Alegrocart 1 Alegrocart 2025-04-20 N/A
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
CVE-2015-8771 1 Gosa Project 1 Gosa Plugin 2025-04-20 N/A
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
CVE-2015-3640 1 Phpmybackuppro 1 Phpmybackuppro 2025-04-20 N/A
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts.
CVE-2015-3638 1 Phpmybackuppro 1 Phpmybackuppro 2025-04-20 N/A
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.
CVE-2014-8872 1 Avm 4 Fritz\!box 6810 Lte, Fritz\!box 6810 Lte Firmware, Fritz\!box 6840 Lte and 1 more 2025-04-20 N/A
Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50.
CVE-2014-3582 1 Apache 1 Ambari 2025-04-20 N/A
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.
CVE-2022-23503 1 Typo3 1 Typo3 2025-04-18 7.5 High
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
CVE-2024-40673 1 Google 1 Android 2025-04-18 6.5 Medium
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-48236 1 Ofcms Project 1 Ofcms 2025-04-18 6.5 Medium
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file
CVE-2024-48235 1 Ofcms Project 1 Ofcms 2025-04-18 6.5 Medium
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVE-2023-51018 1 Totolink 2 Ex1800t, Ex1800t Firmware 2025-04-17 9.8 Critical
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi.
CVE-2023-41783 1 Zte 1 Zxcloud Irai 2025-04-17 4.3 Medium
There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the  program  failed to adequately validate the user's input, an attacker could exploit this vulnerability  to escalate local privileges.
CVE-2022-23474 1 Codex 1 Editor.js 2025-04-17 6.1 Medium
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0.
CVE-2021-22646 1 Ovarro 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more 2025-04-17 8.8 High
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
CVE-2022-43486 1 Buffalo 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more 2025-04-17 6.8 Medium
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
CVE-2024-54804 1 Netgear 2 Wnr854t, Wnr854t Firmware 2025-04-17 9.8 Critical
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection.
CVE-2024-54805 1 Netgear 2 Wnr854t, Wnr854t Firmware 2025-04-17 9.8 Critical
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution.
CVE-2024-54806 1 Netgear 2 Wnr854t, Wnr854t Firmware 2025-04-17 9.8 Critical
Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface.