remote code execution vulnerabilities and exploits

7.5
CVSSv2
CVE-2013-3567

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call....

7.5
CVSSv2
CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script....

Elasticsearch
7.6
CVSSv2
CVE-2018-8495

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers....

MicrosoftWindows 10Windows Server 2016
10
CVSSv2
CVE-2015-3113

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015....

AdobeFlash Player
NA
CVE-2015-03113

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched...

NA
CVE-2015-03105

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched...

4.3
CVSSv2
CVE-2016-2163

Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event....

ApacheOpenmeetings
4
CVSSv2
CVE-2016-0784

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry....

ApacheOpenmeetings
5
CVSSv2
CVE-2016-0783

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time....

ApacheOpenmeetings
5
CVSSv2
CVE-2016-2164

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by...

ApacheOpenmeetings