Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary code vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6619
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/.
Netlab Classsystem 2.3
1 EDB exploit
NA
CVE-2011-2745
upload_handler.php in the swfupload extension in Chyrp 2.0 and previous versions relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, vi...
Chyrp Chyrp
1 EDB exploit
7.8
CVSSv3
CVE-2019-1605
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local malicious user to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sendin...
Cisco Nx-os
9.8
CVSSv3
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/ser...
Wso2 Identity Server Analytics 5.5.0
Wso2 Identity Server Analytics 5.4.1
Wso2 Identity Server Analytics 5.6.0
Wso2 Identity Server Analytics 5.4.0
Wso2 Api Manager
Wso2 Identity Server
Wso2 Enterprise Integrator
Wso2 Identity Server As Key Manager
32 Github repositories
7.8
CVSSv3
CVE-2023-31873
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
Gin Project Gin 0.7.4
NA
CVE-2013-7050
The get_main_source_dir function in scripts/uscan.pl in devscripts prior to 2.13.8, when using USCAN_EXCLUSION, allows remote malicious users to execute arbitrary commands via shell metacharacters in a directory name.
Devscripts Devel Team Devscripts 2.13.5
Devscripts Devel Team Devscripts 2.13.2
Devscripts Devel Team Devscripts
Devscripts Devel Team Devscripts 2.13.4
Devscripts Devel Team Devscripts 2.13.1
Devscripts Devel Team Devscripts 2.13.0
Devscripts Devel Team Devscripts 2.13.6
Devscripts Devel Team Devscripts 2.13.3
8.8
CVSSv3
CVE-2023-42222
WebCatalog prior to 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Webcatalog Webcatalog
1 Github repository
NA
CVE-2010-3036
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services prior to 4.0 allow remote malicious users to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
Cisco Ciscoworks Common Services 3.2
Cisco Ciscoworks Common Services 3.3
Cisco Ciscoworks Common Services 3.0.5
Cisco Ciscoworks Common Services 3.0.6
Cisco Ciscoworks Common Services 3.1
Cisco Ciscoworks Common Services 3.1.1
Cisco Unified Operations Manager 2.0.2
Cisco Unified Operations Manager 2.0.3
Cisco Ciscoworks Lan Management Solution 3.0
Cisco Ciscoworks Lan Management Solution 3.1
Cisco Unified Service Monitor 2.0.1
Cisco Qos Policy Manager 4.0
Cisco Ciscoworks Lan Management Solution 3.2
Cisco Security Manager 3.0.2
Cisco Security Manager 3.2
Cisco Qos Policy Manager 4.0.1
Cisco Qos Policy Manager 4.0.2
Cisco Telepresence Readiness Assessment Manager 1.0
Cisco Unified Operations Manager 2.0.1
Cisco Ciscoworks Lan Management Solution 2.6
NA
CVE-2001-0400
nph-maillist.pl allows remote malicious users to execute arbitrary commands via shell metacharacters ("`") in the email address.
Matt Tourtillott Nph-maillist 3.0
Matt Tourtillott Nph-maillist 3.5
1 EDB exploit
NA
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin prior to 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
Phpmyadmin Phpmyadmin 2.10.0
Phpmyadmin Phpmyadmin 2.10.0.1
Phpmyadmin Phpmyadmin 2.11.0rc1
Phpmyadmin Phpmyadmin 2.11.1
Phpmyadmin Phpmyadmin 2.11.3
Phpmyadmin Phpmyadmin 2.11.3rc1
Phpmyadmin Phpmyadmin 2.11.6
Phpmyadmin Phpmyadmin 2.11.6rc1
Phpmyadmin Phpmyadmin 2.10.3
Phpmyadmin Phpmyadmin 2.10.3rc1
Phpmyadmin Phpmyadmin 2.11.1rc1
Phpmyadmin Phpmyadmin 2.11.2
Phpmyadmin Phpmyadmin 2.11.5
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.10.0.2
Phpmyadmin Phpmyadmin 2.10.1
Phpmyadmin Phpmyadmin 2.10.2
Phpmyadmin Phpmyadmin 2.11.1.1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 2.11.4
Phpmyadmin Phpmyadmin 2.11.4rc1
Phpmyadmin Phpmyadmin 2.11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »