Vulnerabilities (CVE)

Filtered by CWE-94
Total 4615 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0603 1 Attachmate 1 Reflection Ftp Client 2025-04-12 10.0 HIGH N/A
The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher.
CVE-2014-9164 4 Adobe, Apple, Linux and 1 more 4 Flash Player, Mac Os X, Linux Kernel and 1 more 2025-04-12 10.0 HIGH N/A
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587.
CVE-2014-1939 2 Google, Lenovo 2 Android, Shareit 2025-04-12 7.5 HIGH N/A
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
CVE-2015-0279 1 Redhat 1 Richfaces 2025-04-12 6.8 MEDIUM N/A
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
CVE-2014-5194 1 Sphider 1 Sphider 2025-04-12 6.5 MEDIUM N/A
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
CVE-2015-5644 1 Icz 1 Matchasns 2025-04-12 6.8 MEDIUM N/A
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2014-9567 1 Projectsend 1 Projectsend 2025-04-12 7.5 HIGH N/A
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
CVE-2012-6142 1 Jochen Wiedmann 1 Html\ 2025-04-12 7.5 HIGH N/A
Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
CVE-2016-9949 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2025-04-12 9.3 HIGH 7.8 HIGH
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
CVE-2014-6361 1 Microsoft 2 Excel, Office Compatibility Pack 2025-04-12 9.3 HIGH N/A
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."
CVE-2016-7968 1 Kde 1 Kmail 2025-04-12 7.5 HIGH 6.5 MEDIUM
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
CVE-2014-5090 1 Status2k 1 Status2k 2025-04-12 6.5 MEDIUM N/A
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
CVE-2014-3915 1 Rocketsoftware 1 Rocket Servergraph 2025-04-12 10.0 HIGH N/A
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.
CVE-2014-0479 2 Canonical, Debian 2 Reportbug, Reportbug 2025-04-12 6.8 MEDIUM N/A
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
CVE-2013-1412 1 Dleviet 1 Datalife Engine 2025-04-12 7.5 HIGH N/A
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
CVE-2014-2558 1 Skyphe 1 File-gallery 2025-04-12 6.5 MEDIUM N/A
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function.
CVE-2014-3789 1 Cogentdatahub 1 Cogent Datahub 2025-04-12 7.5 HIGH N/A
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-8660 1 Sap 1 Document Management Services 2025-04-12 7.2 HIGH N/A
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
CVE-2014-8458 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 10.0 HIGH N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
CVE-2016-1986 1 Hp 1 Continuous Delivery Automation 2025-04-12 7.5 HIGH 9.8 CRITICAL
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.