Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
code injection vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-16701
pfSense up to and including 2.3.4 up to and including 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
Netgate Pfsense 2.4.4
Netgate Pfsense
1 EDB exploit
8.1
CVSSv3
CVE-2016-6174
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) prior to 4.1.13, when used with PHP prior to 5.4.24 or 5.5.x prior to 5.5.8, allows remote malicious users to execute arbitrary code v...
Invisioncommunity Invision Power Board
Php Php 5.5.2
Php Php 5.5.1
Php Php 5.5.0
Php Php 5.5.7
Php Php 5.5.6
Php Php 5.5.5
Php Php 5.5.4
Php Php 5.5.3
Php Php
1 EDB exploit
NA
CVE-2013-7387
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and previous versions allows remote malicious users to hijack web sessions via the PHPSESSID cookie.
Dleviet Datalife Engine
2 EDB exploits
NA
CVE-2013-1412
DataLife Engine (DLE) 9.7 allows remote malicious users to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
Dleviet Datalife Engine 9.7
2 EDB exploits
NA
CVE-2012-3075
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices prior to 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724.
Cisco Telepresence System Software 1.7.0.1\\(4764\\)
Cisco Telepresence System Software 1.6.7\\(4212\\)
Cisco Telepresence System Software 1.5.3\\(2115\\)
Cisco Telepresence System Software 1.5.12\\(3701\\)
Cisco Telepresence System Software
Cisco Telepresence System Software 1.7.2.1\\(2\\)
Cisco Telepresence System Software 1.7.1\\(4864\\)
Cisco Telepresence System Software 1.7.0.2\\(4719\\)
Cisco Telepresence System Software 1.5.10\\(3648\\)
Cisco Telepresence System Software 1.5.1\\(2082\\)
Cisco Telepresence System Software 1.4.7\\(2229\\)
Cisco Telepresence System Software 1.3.2\\(1393\\)
Cisco Telepresence System Software 1.6.8\\(4222\\)
Cisco Telepresence System Software 1.6.6\\(4109\\)
Cisco Telepresence System Software 1.6.0\\(3954\\)
Cisco Telepresence System Software 1.5.13\\(3717\\)
Cisco Telepresence System Software 1.5.11\\(3659\\)
Cisco Telepresence System Software 1.2.3\\(1101\\)
Cisco Telepresence System Software 1.6.5\\(4097\\)
Cisco Telepresence System Software 1.6.4\\(4072\\)
Cisco Telepresence System Software 1.6.3\\(4042\\)
Cisco Telepresence System Software 1.6.2\\(4023\\)
7.8
CVSSv3
CVE-2019-11354
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplicati...
Ea Origin 10.5.36
1 EDB exploit
7.2
CVSSv3
CVE-2023-46818
An issue exists in ISPConfig prior to 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Ispconfig Ispconfig 3.2.11
Ispconfig Ispconfig
NA
CVE-2004-2631
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote malicious users to execute arbitrary PHP code via a crafted table name.
Phpmyadmin Phpmyadmin 2.5.3
Phpmyadmin Phpmyadmin 2.5.4
Phpmyadmin Phpmyadmin 2.5.5
Phpmyadmin Phpmyadmin 2.5.5 Pl1
Phpmyadmin Phpmyadmin 2.5.5 Rc1
Phpmyadmin Phpmyadmin 2.5.1
Phpmyadmin Phpmyadmin 2.5.5 Rc2
Phpmyadmin Phpmyadmin 2.5.6 Rc1
Phpmyadmin Phpmyadmin 2.5.2
Phpmyadmin Phpmyadmin 2.5.2 Pl1
Phpmyadmin Phpmyadmin 2.5.6 Rc2
Phpmyadmin Phpmyadmin 2.5.7
1 EDB exploit
NA
CVE-2015-7712
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and previous versions allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
Atutor Atutor
9.8
CVSSv3
CVE-2020-13756
Sabberworm PHP CSS Parser prior to 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Sabberworm Php Css Parser
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »