Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arbitrary code vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2012-1826
dotCMS 1.9 prior to 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
Dotcms Dotcms 1.9.2.1
Dotcms Dotcms 1.9
5
CVSSv2
CVE-2020-5849
Unraid 6.8.0 allows authentication bypass.
Unraid Unraid 6.8.0
1 Github repository
2.6
CVSSv2
CVE-2008-2960
Cross-site scripting (XSS) vulnerability in phpMyAdmin prior to 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
Phpmyadmin Phpmyadmin 2.10.0
Phpmyadmin Phpmyadmin 2.10.0.1
Phpmyadmin Phpmyadmin 2.11.0rc1
Phpmyadmin Phpmyadmin 2.11.1
Phpmyadmin Phpmyadmin 2.11.3
Phpmyadmin Phpmyadmin 2.11.3rc1
Phpmyadmin Phpmyadmin 2.11.6
Phpmyadmin Phpmyadmin 2.11.6rc1
Phpmyadmin Phpmyadmin 2.10.3
Phpmyadmin Phpmyadmin 2.10.3rc1
Phpmyadmin Phpmyadmin 2.11.1rc1
Phpmyadmin Phpmyadmin 2.11.2
Phpmyadmin Phpmyadmin 2.11.5
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.10.0.2
Phpmyadmin Phpmyadmin 2.10.1
Phpmyadmin Phpmyadmin 2.10.2
Phpmyadmin Phpmyadmin 2.11.1.1
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 2.11.4
Phpmyadmin Phpmyadmin 2.11.4rc1
Phpmyadmin Phpmyadmin 2.11.0
6.5
CVSSv2
CVE-2013-7325
An issue exists in uscan in devscripts prior to 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
Debian Devscripts
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.6
CVSSv2
CVE-2003-0372
Signed integer vulnerability in libnasl in Nessus prior to 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL sc...
Nessus Nessus
1 EDB exploit
7.5
CVSSv2
CVE-2005-2612
Direct code injection vulnerability in WordPress 1.5.1.3 and previous versions allows remote malicious users to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
Wordpress Wordpress 1.5.1
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.0
Wordpress Wordpress 1.0.1
Wordpress Wordpress 1.2
Wordpress Wordpress 1.0.2
Wordpress Wordpress 1.5
1 EDB exploit
6.8
CVSSv2
CVE-2008-1585
Apple QuickTime prior to 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote malicious users to execute arbitrary programs, as originally dem...
Apple Quicktime
9.3
CVSSv2
CVE-2011-2040
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) prior to 2.5.3041, and 3.0.x prior to 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote m...
Cisco Anyconnect Secure Mobility Client 2.3
Cisco Anyconnect Secure Mobility Client 2.3.2016
Cisco Anyconnect Secure Mobility Client
Cisco Anyconnect Secure Mobility Client 2.5.2018
Cisco Anyconnect Secure Mobility Client 2.5.1025
Cisco Anyconnect Secure Mobility Client 3.0
Cisco Anyconnect Secure Mobility Client 2.2.128
Cisco Anyconnect Secure Mobility Client 2.0
Cisco Anyconnect Secure Mobility Client 2.4
Cisco Anyconnect Secure Mobility Client 2.4.1012
Cisco Anyconnect Secure Mobility Client 2.5.2011
Cisco Anyconnect Secure Mobility Client 2.5.2010
Cisco Anyconnect Secure Mobility Client 2.2
Cisco Anyconnect Secure Mobility Client 2.1
Cisco Anyconnect Secure Mobility Client 2.2.140
Cisco Anyconnect Secure Mobility Client 2.4.0202
Cisco Anyconnect Secure Mobility Client 2.5
Cisco Anyconnect Secure Mobility Client 2.5.2006
Cisco Anyconnect Secure Mobility Client 2.5.2001
Cisco Anyconnect Secure Mobility Client 2.2.136
Cisco Anyconnect Secure Mobility Client 2.2.133
Cisco Anyconnect Secure Mobility Client 2.3.254
6.8
CVSSv2
CVE-2013-7050
The get_main_source_dir function in scripts/uscan.pl in devscripts prior to 2.13.8, when using USCAN_EXCLUSION, allows remote malicious users to execute arbitrary commands via shell metacharacters in a directory name.
Devscripts Devel Team Devscripts 2.13.5
Devscripts Devel Team Devscripts 2.13.2
Devscripts Devel Team Devscripts
Devscripts Devel Team Devscripts 2.13.4
Devscripts Devel Team Devscripts 2.13.1
Devscripts Devel Team Devscripts 2.13.0
Devscripts Devel Team Devscripts 2.13.6
Devscripts Devel Team Devscripts 2.13.3
6.8
CVSSv2
CVE-2011-2657
Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote malicious users to execute arbitrary commands v...
Novell Zenworks Configuration Management 10.2
Novell Zenworks Configuration Management 10.3
Novell Zenworks Configuration Management 11
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »