CVE-2019-5238

Huawei PCManager with the versions before 9.0.1.66 Oversea and versions before 9.0.1.70 China have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information...

CVE-2019-5237

Huawei PCManager with the versions before 9.0.1.66 Oversea and versions before 9.0.1.70 China have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information...

CVE-2018-20817

SVSteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern...

CVE-2019-17107

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the commandhostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect...

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

CVE-2019-11944

A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-18249

Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 Firmware versions prior to 8.26.4, may allow attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link...

CVE-2013-1875

commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...

CVE-2012-4981

Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability...

CVE-2019-17051

Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file...

CVE-2019-5348

A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-8253

Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution...

CVE-2019-8159

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection...

CVE-2019-3562

A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11...

CVE-2019-6014

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface...

CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

CVE-2019-10769

safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...

CVE-2019-19117

/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2PSG1218 V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter...

CVE-2011-4453

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP createfunction function...

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper socket binding in the TCPStore and PyNcclPipe services listening on all network interfaces, potentially allowing unauthorized access to control message channels...