Search Results (6988 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2119 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2025-04-12 7.5 High
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
CVE-2014-2921 1 Pimcore 1 Pimcore 2025-04-12 N/A
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.
CVE-2012-2301 1 Ubercart 1 Ubercart 2025-04-12 N/A
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
CVE-2012-5649 1 Apache 1 Couchdb 2025-04-12 N/A
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
CVE-2016-9949 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2025-04-12 N/A
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
CVE-2013-4444 1 Apache 1 Tomcat 2025-04-12 N/A
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CVE-2013-4581 1 Gitlab 2 Gitlab, Gitlab-shell 2025-04-12 N/A
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
CVE-2013-4537 1 Qemu 1 Qemu 2025-04-12 N/A
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
CVE-2013-5036 1 Squash 1 Square Squash 2025-04-12 N/A
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.
CVE-2013-5352 1 Sharetronix 1 Sharetronix 2025-04-12 N/A
Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2013-6309 1 Ibm 1 Marketing Platform 2025-04-12 N/A
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.
CVE-2014-0057 1 Redhat 3 Cloudforms, Cloudforms 3.0 Management Engine, Cloudforms Managementengine 2025-04-12 N/A
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
CVE-2014-0111 1 Apache 1 Syncope 2025-04-12 N/A
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
CVE-2014-0472 3 Canonical, Djangoproject, Redhat 3 Ubuntu Linux, Django, Openstack 2025-04-12 N/A
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
CVE-2014-0479 2 Canonical, Debian 2 Reportbug, Reportbug 2025-04-12 N/A
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
CVE-2014-0485 1 S3ql Project 1 S3ql 2025-04-12 N/A
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
CVE-2014-1939 2 Google, Lenovo 2 Android, Shareit 2025-04-12 N/A
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
CVE-2014-1999 1 Fuelphp 1 Fuelphp 2025-04-12 N/A
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
CVE-2014-1979 2 Google, Nttdocomo 2 Android, Spmode Mail Android 2025-04-12 N/A
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.
CVE-2014-2866 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.