DrayTek Routers Buffer Overflow (CVE-2022-32548)
A buffer overflow vulnerability exists in DrayTek Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
WordPress WP_Query SQL Injection (CVE-2022-21661)
An SQL injection vulnerability exists in WordPress WP_Query. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Boite de News index.php url_index Parameter PHP Code Execution - Ver2 (CVE-2006-4123)
A code execution vulnerability has been reported in Boite de News. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)
An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities (XXE) from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...
Fourtwosevenbb showthread.php ForumID Parameter SQL Injection - Ver2 (CVE-2006-0154)
An SQL injection vulnerability has been reported in 427BB Fourtwosevenbb. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Hikvision Web Server Command Injection (CVE-2021-36260)
A command injection vulnerability exists in Hikvision Web Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Apache HTTP Server Server-Side Request Forgery (CVE-2021-40438)
A Server Side Request Forgery vulnerability exists in Apache HTTP Server. A remote attacker may exploit this issue by making a specially crafted HTTP request. Successful exploitation would allow attackers to create HTTP requests on behalf of the vulnerable server...
MF Piadas admin.php page Parameter PHP Code Execution - Ver2 (CVE-2006-3323)
A cross-site scripting vulnerability has been reported in MF Piadas. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fourtwosevenbb Cookie-based Authentication Bypass - Ver2 (CVE-2006-0153)
An authentication bypass vulnerability has been reported in 427BB Fourtwosevenbb. A remote attacker could trigger this vulnerability by using a valid username and usertype and setting the authenticated cookie. Successful exploitation of this vulnerability would allow remote attackers to gain...
WoWRoster subdir Parameter PHP Code Execution - Ver2 (CVE-2006-3997)
A code execution vulnerability has been reported in WoWRoster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
W3-Total-Cache Wordpress-plugin Username and Hash Extract (CVE-2012-6077)
An information disclosure vulnerability has been reported in W3 Total Cache Plugin for WordPress...
Corel PaintShop Pro Insecure Library Loading (CVE-2013-0733)
A code execution vulnerability exists in Corel's PaintShop Pro...
Cisco Secure ACS LogonProxy.cgi Cross-Site Scripting - Ver2 (CVE-2006-3101)
A cross-site scripting vulnerability has been reported in Cisco Secure Access Control Server Solution Engine. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary web script or HTML into the affected system...
Light Weight Calendar index.php date Parameter PHP Code Execution - Ver2 (CVE-2006-0206)
A code execution vulnerability has been reported in Light Weight Calendar. The vulnerability is due to the application not validating the 'date' variable upon submission to the 'index.php' script. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrar...
Hikvision IP Cameras Authentication Bypass (CVE-2017-7921)
An information disclosure vulnerability exists in Hikvision IP cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...
Adobe Reader and Acrobat Embedded BMP Memory Corruption (APSB12-01; CVE-2012-4373)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat...
Microsoft Graphics Device Interface Integer Overflow (MS13-089; CVE-2013-3901)
A remote code execution vulnerability has been reported in the Windows Graphics Device Interface (GDI)...
Turnkey Web Tools PHP Simple Shop abs-path Parameter PHP Code Execution - Ver2 (CVE-2006-4052)
A file inclusion vulnerability has been reported in Turnkey Web Tools PHP Simple Shop. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TinyPHPForum action.php txt Parameter Cross-Site Scripting - Ver2 (CVE-2006-0102)
A cross-site scripting vulnerability has been reported in TinyPHPForum. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary script into the affected system...
GNUTurk mods.php t_id Parameter SQL Injection - Ver2 (CVE-2006-4867)
An SQL injection vulnerability has been reported in GNUTurk. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Cross-Site Scripting (CVE-2005-0543; CVE-2014-4075; CVE-2014-4116; CVE-2014-6325; CVE-2014-6365; CVE-2015-1636; CVE-2015-1640; CVE-2015-1757)
...
rpc.py Project Remote Code Execution (CVE-2022-35411)
A remote code execution vulnerability exists in rpc.py Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft RPC Remote Code Execution (CVE-2022-26809)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Laravel Ignition Remote Code Execution (CVE-2021-3129)
A remote code execution vulnerability exists in Laravel Ignition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Grafana Directory Traversal (CVE-2021-43798)
A directory traversal vulnerability exists in Grafana. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
TR-069 Auto Configuration Servers Multiple Vulnerabilities (CVE-2014-2840; CVE-2014-4916; CVE-2014-4917; CVE-2014-4918; CVE-2014-4956; CVE-2014-4957)
The TR-069 protocol allows remote management of end-user broadband devices. Several vulnerabilities have been detected in certain TR-069 server implementations that could allow a remote attacker to obtain administrative access to the servers or execute arbitrary code on them...
Microsoft IIS FTP Server Telnet IAC Buffer Overflow (CVE-2010-3972)
A heap buffer overflow vulnerability exists within the Microsoft Internet Information Services (IIS) FTP Service. The vulnerability is due to a memory corruption encountered when encoding Telnet IAC characters in an FTP response. A remote unauthenticated attacker may exploit this vulnerability by...
ProFTPD mod_copy Unauthenticated Remote File Copying (CVE-2015-3306)
A remote file copying vulnerability exists in ProFTPD. The vulnerability is due to a design weakness within the mod_copy module. Successful exploitation would result in arbitrary code execution on the target system...
WordPress Remote Code Execution (CVE-2021-44223)
A remote code execution vulnerability exists in WordPress. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
InduSoft Thin Client ISSymbol ActiveX Heap Buffer Overflow (CVE-2011-0340)
A heap buffer overflow vulnerability has been reported in the InduSoft Thin Client. The vulnerability is due to lack of input validation of a certain parameter. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page using Internet Explorer. Successf...
Microsoft Windows Media Player MIDI Code Execution (MS12-004; CVE-2012-0003)
A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...
OpenPLC WebServer Remote Code Execution (CVE-2021-31630)
A remote code execution vulnerability exists in OpenPLC WebServer. Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary code on the affected system...
Microsoft SQL Server Remote Code Execution (CVE-2020-0618)
A remote code execution vulnerability exists in Microsoft SQL Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHP Authentication Bypass (CVE-2022-31629)
An authentication bypass vulnerability exists in PHP. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the system...
Microsoft ASP.NET Authentication Bypass Elevation of Privilege (MS11-100; CVE-2011-3416)
An elevation of privilege vulnerability has been reported in Microsoft ASP.NET...
Adobe Director Files (CVE-2010-0127; CVE-2010-0128; CVE-2010-0129; CVE-2010-0130; CVE-2010-0986; CVE-2010-0987; CVE-2010-1280; CVE-2010-1281; CVE-2010-1282; CVE-2010-1283; CVE-2010-1284; CVE-2010-1286; CVE-2010-1287; CVE-2010-1288; CVE-2010-1289; CVE-2010-1290; CVE-2010-1291; CVE-2010-1292)
Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. Multiple vulnerabilities have been identified in Adobe Shockwave Player. The vulnerabilities are due to...
GLPI Project Code Injection (CVE-2022-35914)
A code injection vulnerability exists in GLPI Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734)
A remote code execution vulnerability exists in PHPMyAdmin. The vulnerability is caused by an incorrect choice of delimiters to prevent use of the preg_replace function. Successful exploitation of this vulnerability will allow execution of arbitrary PHP code...
Oracle Java Applet2ClassLoader Remote Code Execution (CVE-2010-4452)
Java Technology is a programming platform which aims to provide a system for developing and deploying cross-platform applications. It is distributed in the form of various tools such as Java Runtime Environment (JRE) and Java Development Kit (JDK). A remote code execution vulnerability has been...
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
A cross-site scripting vulnerability exists in jQuery. Successful exploitation of this vulnerability could result in execution of arbitrary scripts on the affected system...
Microsoft Windows WinVerifyTrust PE Validation Security Bypass (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. A remote attacker could trigger this flaw by sending a...
Microsoft Windows WinVerifyTrust Signature Validation Code Execution (MS13-098; CVE-2013-3900)
A remote code execution vulnerability has been reported in Microsoft Windows...
Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)
A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Eclipse Mosquitto Denial Of Service (CVE-2019-11779)
A stack overflow exists in Eclipse Mosquitto. The vulnerability is due to insufficient handling of the Topic in MQTT SUBSCRIBE messages. A remote attacker can exploit this vulnerability by sending a crafted MQTT SUBSCRIBE message with a large number of topic hierarchy separators in the topic...
CA ARCserve D2D Axis2 Default Credentials Remote Code Execution (CVE-2010-0219)
CA ARCserve D2D is a disk-based backup solution that allows protecting and recovering business data on both physical and virtual servers. It includes a web 2.0 interface that proactively delivers updates. A remote code execution vulnerability has been reported in CA ARCserve D2D. The vulnerabilit...
Office Files (CVE-2006-1308; CVE-2006-1540; CVE-2006-3431; CVE-2007-0934; CVE-2007-0936)
...
Microsoft Windows Server Remote Code Execution (CVE-2009-3103)
Microsoft Server Message Block (SMB) Protocol is a Microsoft network file sharing protocol used in Microsoft Windows. A vulnerability exists in Microsoft Server Message Block (SMB) Protocol that could allow remote attackers to execute arbitrary code on the vulnerable system due to memory corruption...
MikroTik RouterOS Winbox Authentication Bypass (CVE-2018-14847)
An authentication bypass vulnerability exists in the Winbox component of MikroTik RouterOS. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow a remote attacker to hijack a user's session...
Dasan GPON Router Authentication Bypass (CVE-2018-10561)
An authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
HP OpenView Network Node Manager ov.dll Buffer Overflow (CVE-2011-3167)
A stack-based buffer overflow vulnerability has been reported in HP OpenView Network Node Manager (NNM)...