Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
code execution vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-19509
An issue exists in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.3
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2017-14143
The getUserzoneCookie function in Kaltura prior to 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote malicious users to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP c...
Kaltura Kaltura Server
2 EDB exploits
NA
CVE-2011-3230
Apple Safari prior to 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote malicious users to execute arbitrary code via a crafted web site.
Apple Safari
Apple Safari 5.0.6
Apple Safari 4.1.2
Apple Safari 4.1.1
Apple Safari 4.1
Apple Safari 4.0.0b
Apple Safari 4.0
Apple Safari 3.1.2b
Apple Safari 3.1.2
Apple Safari 3.0.4b
Apple Safari 3.0.4
Apple Safari 3.0.2b
Apple Safari 3.0.2
Apple Safari 3.0.0b
Apple Safari 2.0.3
Apple Safari 2
Apple Safari 1.3.2
Apple Safari 1.2.4
Apple Safari 1.2.3
Apple Safari 1.0b1
Apple Safari 1.0
Apple Safari 1.0.0b2
1 EDB exploit
8.8
CVSSv3
CVE-2019-14422
An issue exists in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?pa...
Tortoisesvn Tortoisesvn 1.12.1
1 EDB exploit
9.8
CVSSv3
CVE-2019-19576
class.upload.php in verot.net class.upload prior to 1.0.3 and 2.x prior to 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Verot Project Verot
Getk2 K2
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2018-1133
An issue exists in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Moodle Moodle
1 EDB exploit
4 Github repositories
8.8
CVSSv3
CVE-2019-13024
Centreon 18.x prior to 18.10.6, 19.x prior to 19.04.3, and Centreon web prior to 2.8.29 allows the malicious user to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command int...
Centreon Centreon 19.04.0
1 EDB exploit
4 Github repositories
8.8
CVSSv3
CVE-2012-1496
Local file inclusion in WebCalendar prior to 1.2.5.
Webcalendar Project Webcalendar
1 EDB exploit
NA
CVE-2014-7235
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX prior to 2.9.0.9, 2.10.x, and 2.11 prior to 2.11.1.5 allows remote malicious users to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, a...
Freepbx Freepbx 2.10.0.5
Freepbx Freepbx 2.10.0.6
Sangoma Freepbx 2.11.0.2
Sangoma Freepbx 2.11.0.3
Freepbx Freepbx 2.10.0.1
Freepbx Freepbx 2.10.0.2
Freepbx Freepbx 2.10.0.9
Freepbx Freepbx 2.10.0.10
Freepbx Freepbx 2.11.1.1
Freepbx Freepbx 2.11.1.2
Sangoma Freepbx
Freepbx Freepbx 2.10.0.0
Freepbx Freepbx 2.10.0.7
Freepbx Freepbx 2.10.0.8
Sangoma Freepbx 2.11.0.4
Freepbx Freepbx 2.11.1.0
Freepbx Freepbx 2.10.0.3
Freepbx Freepbx 2.10.0.4
Sangoma Freepbx 2.11.0.0
Sangoma Freepbx 2.11.0.1
Freepbx Freepbx 2.11.1.3
Freepbx Freepbx 2.11.1.4
1 EDB exploit
7.7
CVSSv3
CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
Gitlab Gitlab
6 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »