Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary code vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-1290
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote malicious users to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
Active Web Suite Technologies Active Classifieds 1.0
1 EDB exploit
NA
CVE-2008-6619
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/.
Netlab Classsystem 2.3
1 EDB exploit
NA
CVE-2011-2745
upload_handler.php in the swfupload extension in Chyrp 2.0 and previous versions relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, vi...
Chyrp Chyrp
1 EDB exploit
7.8
CVSSv3
CVE-2019-1605
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local malicious user to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sendin...
Cisco Nx-os
NA
CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 up to and including 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Zope Zope 2.4.0
Zope Zope 2.5.1
NA
CVE-2013-4495
The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) prior to 4.2.6 allows remote malicious users to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.
Adaptivecomputing Torque Resource Manager 3.0.3
Adaptivecomputing Torque Resource Manager 2.4.4
Adaptivecomputing Torque Resource Manager 4.2.3
Adaptivecomputing Torque Resource Manager 2.5.5
Adaptivecomputing Torque Resource Manager 2.5.6
Adaptivecomputing Torque Resource Manager 4.2.2
Adaptivecomputing Torque Resource Manager 2.1.3
Adaptivecomputing Torque Resource Manager 2.4.16
Adaptivecomputing Torque Resource Manager 3.0.4
Adaptivecomputing Torque Resource Manager 2.4.17
Adaptivecomputing Torque Resource Manager 2.3.5
Adaptivecomputing Torque Resource Manager 2.3.9
Adaptivecomputing Torque Resource Manager 2.5.2
Adaptivecomputing Torque Resource Manager 3.0.0
Adaptivecomputing Torque Resource Manager 2.3.6
Adaptivecomputing Torque Resource Manager 2.5.0
Adaptivecomputing Torque Resource Manager 4.1.7
Adaptivecomputing Torque Resource Manager 4.2.4.1
Adaptivecomputing Torque Resource Manager 2.4.13
Adaptivecomputing Torque Resource Manager 2.3.11
Adaptivecomputing Torque Resource Manager 2.4.5
Adaptivecomputing Torque Resource Manager 2.5.4
NA
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin prior to 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
Phpmyadmin Phpmyadmin 2.10.3rc1
Phpmyadmin Phpmyadmin 2.11.4
Phpmyadmin Phpmyadmin 2.11.0rc1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.3rc1
Phpmyadmin Phpmyadmin 2.11.1
Phpmyadmin Phpmyadmin 2.10.0.1
Phpmyadmin Phpmyadmin 2.11.6rc1
Phpmyadmin Phpmyadmin 2.10.2
Phpmyadmin Phpmyadmin 2.11.1rc1
Phpmyadmin Phpmyadmin 2.10.0.2
Phpmyadmin Phpmyadmin 2.10.3
Phpmyadmin Phpmyadmin 2.11.2
Phpmyadmin Phpmyadmin 2.11.5
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.4rc1
Phpmyadmin Phpmyadmin 2.11.5rc1
Phpmyadmin Phpmyadmin 2.11.3
Phpmyadmin Phpmyadmin 2.11.2.1
Phpmyadmin Phpmyadmin 2.10.1
9.8
CVSSv3
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/ser...
Wso2 Identity Server Analytics 5.5.0
Wso2 Identity Server Analytics 5.4.1
Wso2 Identity Server Analytics 5.6.0
Wso2 Identity Server Analytics 5.4.0
Wso2 Api Manager
Wso2 Identity Server
Wso2 Enterprise Integrator
Wso2 Identity Server As Key Manager
32 Github repositories
NA
CVE-2008-1585
Apple QuickTime prior to 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote malicious users to execute arbitrary programs, as originally dem...
Apple Quicktime
NA
CVE-2011-2040
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) prior to 2.5.3041, and 3.0.x prior to 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote m...
Cisco Anyconnect Secure Mobility Client
Cisco Anyconnect Secure Mobility Client 2.0
Cisco Anyconnect Secure Mobility Client 2.1
Cisco Anyconnect Secure Mobility Client 2.2
Cisco Anyconnect Secure Mobility Client 2.2.128
Cisco Anyconnect Secure Mobility Client 2.2.133
Cisco Anyconnect Secure Mobility Client 2.2.136
Cisco Anyconnect Secure Mobility Client 2.2.140
Cisco Anyconnect Secure Mobility Client 2.3
Cisco Anyconnect Secure Mobility Client 2.3.185
Cisco Anyconnect Secure Mobility Client 2.3.254
Cisco Anyconnect Secure Mobility Client 2.3.2016
Cisco Anyconnect Secure Mobility Client 2.4
Cisco Anyconnect Secure Mobility Client 2.4.0202
Cisco Anyconnect Secure Mobility Client 2.4.1012
Cisco Anyconnect Secure Mobility Client 2.5
Cisco Anyconnect Secure Mobility Client 2.5.1025
Cisco Anyconnect Secure Mobility Client 2.5.2001
Cisco Anyconnect Secure Mobility Client 2.5.2006
Cisco Anyconnect Secure Mobility Client 2.5.2010
Cisco Anyconnect Secure Mobility Client 2.5.2011
Cisco Anyconnect Secure Mobility Client 2.5.2014
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »