CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

CVE-2010-3287

Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4.0 allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2010-3750

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value...

CVE-2019-16192

uploadmodel in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive...

CVE-2011-4106

TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...

CVE-2019-11445

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...

CVE-2019-9617

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...

CVE-2019-7489

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier...

CVE-2019-2076

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115907334...

CVE-2019-17046

Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page...

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

CVE-2019-11832

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick...

CVE-2019-18288

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to th...

CVE-2018-7125

A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2018-17021

Cross-site scripting XSS vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.38432738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter...

CVE-2018-13024

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...

CVE-2018-1000804

contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL Antelope Query Language database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious A...

CVE-2019-1331

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327...

CVE-2012-4553

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...

CVE-2019-5339

A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...