Vulnerabilities (CVE)

Filtered by CWE-94
Total 4615 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7260 1 Ultrapop 1 I-httpd 2025-04-12 7.5 HIGH N/A
The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives.
CVE-2014-8636 1 Mozilla 2 Firefox, Seamonkey 2025-04-12 7.5 HIGH N/A
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
CVE-2014-1813 1 Microsoft 1 Web Applications 2025-04-12 8.5 HIGH N/A
Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."
CVE-2014-3947 1 Alex Kellner 1 Powermail 2025-04-12 7.5 HIGH N/A
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.
CVE-2015-1696 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2025-04-12 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
CVE-2014-9185 1 Morfy Cms Project 1 Morfy Cms 2025-04-12 6.5 MEDIUM N/A
Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.
CVE-2014-8791 1 Enalean 1 Tuleap 2025-04-12 6.0 MEDIUM N/A
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
CVE-2015-6555 1 Symantec 1 Endpoint Protection Manager 2025-04-12 8.5 HIGH N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
CVE-2014-1716 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2025-04-12 7.5 HIGH N/A
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
CVE-2014-3188 2 Google, Redhat 6 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 3 more 2025-04-12 10.0 HIGH N/A
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.
CVE-2015-1311 1 Sap 1 Hana Extended Application Services 2025-04-12 10.0 HIGH N/A
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2014-6446 1 Infusionsoft Gravity Forms Project 1 Infusionsoft Gravity Forms 2025-04-12 7.5 HIGH N/A
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
CVE-2014-8445 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 10.0 HIGH N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
CVE-2014-0233 1 Redhat 1 Openshift 2025-04-12 6.5 MEDIUM N/A
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
CVE-2012-5493 1 Plone 1 Plone 2025-04-12 8.5 HIGH N/A
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
CVE-2014-8447 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 10.0 HIGH N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
CVE-2014-0251 1 Microsoft 8 Office Web Apps Server, Project Server, Sharepoint Designer and 5 more 2025-04-12 9.0 HIGH N/A
Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."
CVE-2013-7284 1 Malcolm Nooning 1 Pirpc 2025-04-12 6.8 MEDIUM N/A
The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
CVE-2015-1501 1 Solarwinds 1 Server And Application Monitor 2025-04-12 6.8 MEDIUM N/A
The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary.
CVE-2014-6335 1 Microsoft 3 Office Compatibility Pack, Office Word Viewer, Word 2025-04-12 9.3 HIGH N/A
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."