CVE-2018-1000860

phpipam version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'quqtl exploits an XSS vulnerability. that can result ...

CVE-2018-9341

In impeg2dmcfullxfully of impeg2dmc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2018-19512

In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory...

CVE-2009-4103

Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2010-0834

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute...

CVE-2003-1170

Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service segmentation fault and possibly execute arbitrary code via format string specifiers in command line arguments...

CVE-2003-1259

Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long FTP server banner...

CVE-2021-41658

Cross Site Scripting XSS in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page...

CVE-2021-41928

SQL injection in Sourcecodester Try My Recipe Recipe Sharing Website - CMS 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the viewrecipe page...

CVE-2021-41780

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...

CVE-2021-41078

Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...

CVE-2021-27790

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as...

CVE-2021-27408

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools Welch Allyn Service Tool: versions prior to v1.10, Welch Ally...

CVE-2021-27040

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code...

CVE-2021-27039

A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code...

CVE-2021-27031

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system...

CVE-2021-33000

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer versions 2.1.9.95 and prior...

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

CVE-2021-33224

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file...

CVE-2021-33002

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer versions 2.1.9.95 and prior...