Vulmon
code execution vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-19509
An issue exists in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.3
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2017-14143
The getUserzoneCookie function in Kaltura prior to 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote malicious users to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP c...
Kaltura Kaltura Server
2 EDB exploits
NA
CVE-2011-3230
Apple Safari prior to 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote malicious users to execute arbitrary code via a crafted web site.
Apple Safari
Apple Safari 5.0.6
Apple Safari 4.1.2
Apple Safari 4.1.1
Apple Safari 4.1
Apple Safari 4.0.0b
Apple Safari 4.0
Apple Safari 3.1.2b
Apple Safari 3.1.2
Apple Safari 3.0.4b
Apple Safari 3.0.4
Apple Safari 3.0.2b
Apple Safari 3.0.2
Apple Safari 3.0.0b
Apple Safari 2.0.3
Apple Safari 2
Apple Safari 1.3.2
Apple Safari 1.2.4
Apple Safari 1.2.3
Apple Safari 1.0b1
Apple Safari 1.0
Apple Safari 1.0.0b2
1 EDB exploit
8.8
CVSSv3
CVE-2018-1133
An issue exists in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Moodle Moodle
1 EDB exploit
4 Github repositories
7.5
CVSSv3
CVE-2018-19585
GitLab CE/EE versions 8.18 up to 11.x prior to 11.3.11, 11.4.x prior to 11.4.8, and 11.5.x prior to 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
Gitlab Gitlab
5 Github repositories
8.8
CVSSv3
CVE-2019-14422
An issue exists in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?pa...
Tortoisesvn Tortoisesvn 1.12.1
1 EDB exploit
7.7
CVSSv3
CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
Gitlab Gitlab
6 Github repositories
8.8
CVSSv3
CVE-2019-13024
Centreon 18.x prior to 18.10.6, 19.x prior to 19.04.3, and Centreon web prior to 2.8.29 allows the malicious user to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command int...
Centreon Centreon 19.04.0
1 EDB exploit
4 Github repositories
8.8
CVSSv3
CVE-2012-1496
Local file inclusion in WebCalendar prior to 1.2.5.
Webcalendar Project Webcalendar
1 EDB exploit
6.1
CVSSv3
CVE-2018-11522
Yosoro 1.0.4 has stored XSS.
Yosoro Project Yosoro 1.0.4
1 EDB exploit