
7207 matches found

FreeBSD
added 2012/10/17 12:0 a.m., 14 views

drupal7 -- multiple vulnerabilities

Drupal Security Team reports: Arbitrary PHP code execution. A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

AI score: 3.5
Exploits: 0 | References: 1

myhack58
added 2012/10/12 12:0 a.m., 23 views

akcms code execution vulnerability-vulnerability warning-the black bar safety net

Last week digging out of the akcms background stencil getshell feeling nothing new, and then carefully looked at the code, found a comparison with "the future" of the hole, the code execution vulnerability, and the problem function is that the authors provided to the station user for secondary...

AI score: 1.8
Exploits: 0

NVD
added 2012/10/06 10:55 p.m., 18 views

CVE-2012-5304

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0049
Exploits: 0 | References: 2

Prion
added 2012/10/06 10:55 p.m., 10 views

Code injection

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.0049
Exploits: 0 | References: 2

CVE
added 2012/10/06 10:0 p.m., 44 views

CVE-2012-5304

Summary: CVE-2012-5304 refers to a static code injection vulnerability in the YVS Image Gallery, specifically in administration/install.php, allowing remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. The vulnerability is noted to occur when admin...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0049
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2012/10/03 12:0 a.m., 29 views

WordPress A Page Flip Book Plugin for WordPress 'pageflipbook_language' Parameter Arbitrary Code Execution

The version of the 'A Page Flip Book' plugin for WordPress installed on the remote host is affected by an arbitrary code execution vulnerability due to a failure to properly sanitize user-supplied input to the 'pageflipbook_language' parameter in the pageflipbook.php script. An unauthenticated,...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.02053
Exploits: 1 | References: 2

NVD
added 2012/10/01 8:55 p.m., 16 views

CVE-2012-5231

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.05079
Exploits: 1 | References: 3

NVD
added 2012/10/01 8:55 p.m., 16 views

CVE-2012-5223

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.79642
Exploits: 3 | References: 6

Prion
added 2012/10/01 8:55 p.m., 10 views

Code injection

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

CVSS: 7.5 | AI score: 8 | EPSS: 0.79642
Exploits: 3 | References: 6 | Affected Software: 1

Prion
added 2012/10/01 8:55 p.m., 11 views

Code injection

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.05079
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2012/10/01 8:0 p.m., 24 views

CVE-2012-5223

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

AI score: 7.4 | EPSS: 0.79642
Exploits: 3 | References: 6

myhack58
added 2012/09/30 12:0 a.m., 11 views

php execution vulnerability parsing-vulnerability warning-the black bar safety net

A code to perform the function In PHP you can execute the Code of the function. Such as eval, assert, the“and system and exec and shell_exec and passthru and escapeshellcmd and pcntl_exec, etc. demo code 1.1: <?php echo dir; ?> The second file contains the code injection The file containing...

AI score: 0.1
Exploits: 0

Tenable Nessus
added 2012/09/26 12:0 a.m., 37 views

phpMyAdmin server_sync.php Backdoor (PMASA-2012-5)

The phpMyAdmin install hosted on the remote web server contains a backdoor script, probably obtained from the cdnetworks-kr-1 SourceForge.net mirror site as part of the file phpMyAdmin-3.5.2.2-all-languages.zip. An unauthenticated, remote attacker can use this backdoor to execute arbitrary PHP co...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.8794
Exploits: 3 | References: 2

UbuntuCve
added 2012/09/25 10:55 p.m., 25 views

CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/opencalendar.js, which allows remote attackers to execute arbitrary...

CVSS: 7.5 | AI score: 6 | EPSS: 0.64772
Exploits: 8 | References: 2

NVD
added 2012/09/25 10:55 p.m., 25 views

CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/opencalendar.js, which allows remote attackers to execute arbitrary...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.64772
Exploits: 8 | References: 5

Debian CVE
added 2012/09/25 10:0 p.m., 26 views

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.8794
Exploits: 3

Cvelist
added 2012/09/25 10:0 p.m., 28 views

CVE-2012-0209

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/opencalendar.js, which allows remote attackers to execute arbitrary...

AI score: 7.2 | EPSS: 0.64772
Exploits: 8 | References: 5

NVD
added 2012/09/20 3:46 a.m., 21 views

CVE-2012-1625

Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...

CVSS: 6 | AI score: 7.4 | EPSS: 0.00568
Exploits: 0 | References: 5

Prion
added 2012/09/20 3:46 a.m., 11 views

Sql injection

Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...

CVSS: 6 | AI score: 7.7 | EPSS: 0.00568
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2012/09/20 1:0 a.m., 53 views

CVE-2012-1625

The CVE-2012-1625 issue affects the Drupal Fill PDF module (6.x-1.x before 6.x-1.16; 7.x-1.x before 7.x-1.2). The root cause is an eval injection in fillpdf_form_export_decode within fillpdf.admin.inc, allowing remote authenticated users with administer PDFs privileges to execute arbitrary PHP co...

CVSS: 6 | AI score: 7.6 | EPSS: 0.00568
Exploits: 0 | References: 5 | Affected Software: 1