Export limit exceeded: 363407 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (6917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1328 1 Cisco 2 Unified Ip Phone, Unified Ip Phone Firmware 2025-04-11 N/A
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
CVE-2013-2115 1 Apache 1 Struts 2025-04-11 8.1 High
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
CVE-2012-0170 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."
CVE-2012-0182 1 Microsoft 1 Word 2025-04-11 N/A
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
CVE-2012-0693 1 Whmcs 1 Whmcompletesolution 2025-04-11 N/A
submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong.
CVE-2013-6810 1 Emc 1 Connectrix Manager 2025-04-11 N/A
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
CVE-2013-2582 1 Open-xchange 2 Open-xchange Appsuite, Open-xchange Server 2025-04-11 N/A
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.
CVE-2012-4840 1 Ibm 1 Cognos Business Intelligence 2025-04-11 N/A
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors.
CVE-2012-0319 1 Movabletype 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more 2025-04-11 N/A
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.
CVE-2012-0172 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
CVE-2012-0169 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2025-04-11 N/A
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."
CVE-2012-5837 1 Mozilla 1 Firefox 2025-04-11 N/A
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
CVE-2013-7069 1 Beyondgrep 1 Ack 2025-04-11 N/A
ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.
CVE-2013-3161 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.
CVE-2013-7086 1 Webbynode 1 Webbynode 2025-04-11 N/A
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
CVE-2014-0792 1 Sonatype 1 Nexus 2025-04-11 N/A
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
CVE-2014-1202 2 Eviware, Smartbear 2 Soapui, Soapui 2025-04-11 N/A
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
CVE-2013-6366 1 Vmware 1 Hyperic Hq 2025-04-11 N/A
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
CVE-2012-0020 1 Microsoft 1 Visio Viewer 2025-04-11 N/A
Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
CVE-2011-5061 1 Whmcs 1 Whmcompletesolution 2025-04-11 N/A
functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.