Search Results (6974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-13676 1 Norton 1 Remove \& Reinstall 2025-04-20 N/A
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability.
CVE-2017-1336 1 Ibm 1 Infosphere Biginsights 2025-04-20 N/A
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.
CVE-2017-11167 1 Finecms Project 1 Finecms 2025-04-20 N/A
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.
CVE-2017-1000196 1 Octobercms 1 October 2025-04-20 N/A
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
CVE-2016-8020 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
CVE-2017-7402 1 Lucidcrew 1 Pixie 2025-04-20 N/A
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
CVE-2016-5727 1 Simplemachines 1 Simple Machines Forum 2025-04-20 N/A
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
CVE-2016-5726 1 Simplemachines 1 Simple Machines Forum 2025-04-20 N/A
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
CVE-2016-5713 1 Puppet 1 Puppet Agent 2025-04-20 N/A
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
CVE-2016-4895 1 Setucocms Project 1 Setucocms 2025-04-20 N/A
SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors.
CVE-2016-7102 1 Owncloud 1 Owncloud Desktop Client 2025-04-20 N/A
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
CVE-2017-7324 1 Modx 1 Modx Revolution 2025-04-20 9.8 Critical
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
CVE-2017-7411 1 Enalean 1 Tuleap 2025-04-20 N/A
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
CVE-2017-7321 1 Modx 1 Modx Revolution 2025-04-20 9.8 Critical
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
CVE-2017-4964 1 Cloudfoundry 1 Bosh Azure Cpi 2025-04-20 8.8 High
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."
CVE-2017-8912 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 7.2 High
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.
CVE-2016-2242 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
CVE-2016-1602 1 Suse 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server 2025-04-20 N/A
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
CVE-2016-10157 1 Akamai 1 Netsession 2025-04-20 N/A
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.
CVE-2015-8771 1 Gosa Project 1 Gosa Plugin 2025-04-20 N/A
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.