Total
1788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2015-03-12 | 7.5 HIGH | N/A |
| The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||||
| CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2015-03-04 | 6.5 MEDIUM | N/A |
| Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||||
| CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2015-03-02 | 10.0 HIGH | N/A |
| The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | |||||
| CVE-2014-9277 | 1 Mediawiki | 1 Mediawiki | 2015-01-06 | 7.5 HIGH | N/A |
| The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. | |||||
| CVE-2013-7418 | 1 Ipcop | 1 Ipcop | 2015-01-05 | 6.5 MEDIUM | N/A |
| cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | |||||
| CVE-2014-1905 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2014-12-30 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | |||||
| CVE-2013-4663 | 1 Redmine | 1 Redmine Git Hosting Plugin | 2014-12-29 | 7.5 HIGH | N/A |
| git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | |||||
| CVE-2014-8515 | 1 Bittorrent | 1 Bittorrent | 2014-12-16 | 6.8 MEDIUM | N/A |
| The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | |||||