Vulmon
arbitrary code vulnerabilities and exploits
NA
CVE-2008-1585
Apple QuickTime prior to 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote malicious users to execute arbitrary programs, as originally dem...
Apple Quicktime
NA
CVE-2013-7050
The get_main_source_dir function in scripts/uscan.pl in devscripts prior to 2.13.8, when using USCAN_EXCLUSION, allows remote malicious users to execute arbitrary commands via shell metacharacters in a directory name.
Devscripts Devel Team Devscripts 2.13.5
Devscripts Devel Team Devscripts 2.13.2
Devscripts Devel Team Devscripts
Devscripts Devel Team Devscripts 2.13.4
Devscripts Devel Team Devscripts 2.13.1
Devscripts Devel Team Devscripts 2.13.0
Devscripts Devel Team Devscripts 2.13.6
Devscripts Devel Team Devscripts 2.13.3
8.8
CVSSv3
CVE-2013-7325
An issue exists in uscan in devscripts prior to 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
Debian Devscripts
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2003-0372
Signed integer vulnerability in libnasl in Nessus prior to 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL sc...
Nessus Nessus
1 EDB exploit
8.8
CVSSv3
CVE-2023-42222
WebCatalog prior to 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Webcatalog Webcatalog
1 Github repository
NA
CVE-2013-4495
The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) prior to 4.2.6 allows remote malicious users to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.
Adaptivecomputing Torque Resource Manager
Adaptivecomputing Torque Resource Manager 4.1.5.1
Adaptivecomputing Torque Resource Manager 4.1.3
Adaptivecomputing Torque Resource Manager 3.0.4
Adaptivecomputing Torque Resource Manager 3.0.3
Adaptivecomputing Torque Resource Manager 2.5.6
Adaptivecomputing Torque Resource Manager 2.5.5
Adaptivecomputing Torque Resource Manager 2.5.10
Adaptivecomputing Torque Resource Manager 2.5.1
Adaptivecomputing Torque Resource Manager 2.5.0
Adaptivecomputing Torque Resource Manager 2.4.3
Adaptivecomputing Torque Resource Manager 2.4.2
Adaptivecomputing Torque Resource Manager 2.4.11
Adaptivecomputing Torque Resource Manager 2.4.10
Adaptivecomputing Torque Resource Manager 2.3.3
Adaptivecomputing Torque Resource Manager 2.3.2
Adaptivecomputing Torque Resource Manager 2.3.13
Adaptivecomputing Torque Resource Manager 2.2.0
Adaptivecomputing Torque Resource Manager 2.1.9
Adaptivecomputing Torque Resource Manager 2.1.10
Adaptivecomputing Torque Resource Manager 2.0.0
Adaptivecomputing Torque Resource Manager 4.2.4.1
NA
CVE-2012-1826
dotCMS 1.9 prior to 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Dotcms Dotcms 1.9.2.1
Dotcms Dotcms 1.9
9.8
CVSSv3
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/ser...
Wso2 Identity Server Analytics 5.5.0
Wso2 Identity Server Analytics 5.4.1
Wso2 Identity Server Analytics 5.6.0
Wso2 Identity Server Analytics 5.4.0
Wso2 Api Manager
Wso2 Identity Server
Wso2 Enterprise Integrator
Wso2 Identity Server As Key Manager
31 Github repositories
7.8
CVSSv3
CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v16) and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vul...
Trendmicro Antivirus + Security 2019 15.0
Trendmicro Antivirus + Security 2020 16.0
Trendmicro Internet Security 2019 15.0
Trendmicro Internet Security 2020 16.0
Trendmicro Maximum Security 2019 15.0
Trendmicro Maximum Security 2020 16.0
Trendmicro Premium Security 2019 15.0
Trendmicro Premium Security 2020 16.0
NA
CVE-2011-2040
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) prior to 2.5.3041, and 3.0.x prior to 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote m...
Cisco Anyconnect Secure Mobility Client 2.3
Cisco Anyconnect Secure Mobility Client 2.3.2016
Cisco Anyconnect Secure Mobility Client
Cisco Anyconnect Secure Mobility Client 2.5.2018
Cisco Anyconnect Secure Mobility Client 2.5.1025
Cisco Anyconnect Secure Mobility Client 3.0
Cisco Anyconnect Secure Mobility Client 2.2.128
Cisco Anyconnect Secure Mobility Client 2.0
Cisco Anyconnect Secure Mobility Client 2.4
Cisco Anyconnect Secure Mobility Client 2.4.1012
Cisco Anyconnect Secure Mobility Client 2.5.2011
Cisco Anyconnect Secure Mobility Client 2.5.2010
Cisco Anyconnect Secure Mobility Client 2.2
Cisco Anyconnect Secure Mobility Client 2.1
Cisco Anyconnect Secure Mobility Client 2.2.140
Cisco Anyconnect Secure Mobility Client 2.4.0202
Cisco Anyconnect Secure Mobility Client 2.5
Cisco Anyconnect Secure Mobility Client 2.5.2006
Cisco Anyconnect Secure Mobility Client 2.5.2001
Cisco Anyconnect Secure Mobility Client 2.2.136
Cisco Anyconnect Secure Mobility Client 2.2.133
Cisco Anyconnect Secure Mobility Client 2.3.254