CVE-2020-36381

An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

CVE-2020-1175

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176...

CVE-2020-23685

SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php...

CVE-2020-21784

phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php...

CVE-2018-16514

A cross-site scripting XSS vulnerability in the View Filters page viewfilterspage.php and Edit Filter page managefiltereditpage.php in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code if CSP settings permit it through a crafted PATHINFO. NOTE: this vulnerability exis...

CVE-2018-20768

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...

CVE-2013-0707

Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file...

CVE-2018-20911

cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup SEC-359...

CVE-2019-8139

A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product...

CVE-2019-8206

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution...

CVE-2019-7327

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame frame.php because proper filtration is omitted...

CVE-2019-15490

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21...

CVE-2019-1122

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124,...

CVE-2019-7031

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution...

CVE-2017-18463

cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path SEC-225...

CVE-2019-17302

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...

CVE-2019-15318

The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field...

CVE-2019-14401

cPanel before 78.0.18 allows code execution via an addforward API1 call SEC-480...

CVE-2019-10934

A vulnerability has been identified in TIA Portal V14 All versions, TIA Portal V15 All versions V15.1 Update 7, TIA Portal V16 All versions V16 Update 6, TIA Portal V17 All versions V17 Update 4. Changing the contents of a configuration file could allow an attacker to execute arbitrary code with...

CVE-2013-0685

Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...