Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0927 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-25 | 9.3 HIGH | N/A |
| Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. | |||||
| CVE-2012-1205 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2012-02-24 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2010-4998 | 1 Maulana Al Matien | 1 Ardeacore Php Framework | 2012-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4884 | 1 Hinnendahl | 1 Gaestebuch | 2012-02-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. | |||||
| CVE-2012-0928 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2012-02-09 | 9.3 HIGH | N/A |
| The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. | |||||
| CVE-2011-5061 | 1 Whmcs | 1 Whmcompletesolution | 2012-02-08 | 7.5 HIGH | N/A |
| functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field. | |||||
| CVE-2011-4512 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2012-02-06 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2011-4337 | 1 Sitracker | 1 Support Incident Tracker | 2012-02-02 | 7.5 HIGH | N/A |
| Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable. | |||||
| CVE-2012-0329 | 1 Cisco | 1 Digital Media Manager | 2012-01-31 | 9.0 HIGH | N/A |
| Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. | |||||
| CVE-2011-3221 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2011-3228 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | |||||
| CVE-2011-2404 | 1 Hp | 1 Easy Printer Care Software | 2012-01-14 | 7.5 HIGH | N/A |
| A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787. | |||||
| CVE-2011-0224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. | |||||
| CVE-2011-4453 | 1 Pmwiki | 1 Pmwiki | 2012-01-12 | 7.5 HIGH | N/A |
| The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function. | |||||
| CVE-2011-2585 | 1 Cisco | 1 Show And Share | 2012-01-12 | 6.5 MEDIUM | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. | |||||
| CVE-2011-4825 | 3 Phpletter, Phpmyfaq, Tinymce | 3 Ajax File And Image Manager, Phpmyfaq, Tinymce | 2011-12-15 | 7.5 HIGH | N/A |
| Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters. | |||||
| CVE-2011-4828 | 1 Autosectools | 1 V-cms | 2011-12-15 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/. | |||||
| CVE-2011-4201 | 1 Restorepoint | 1 Restorepoint | 2011-12-13 | 9.3 HIGH | N/A |
| remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action. | |||||
| CVE-2011-4545 | 1 Prestashop | 1 Prestashop | 2011-12-13 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter. | |||||
| CVE-2011-4646 | 2 Lesterchan, Wordpress | 2 Wp-postratings, Wordpress | 2011-12-01 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information. | |||||