Search Results (6957 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-5038 1 Groonesworld 1 Simple Contact Form 2025-04-11 N/A
PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2010-5040 2 John Bradshaw, Nucleuscms 2 Np Gallery Plugin, Nucleus 2025-04-11 N/A
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-5091 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
CVE-2010-5153 2 Avira, Microsoft 3 Antivir Security Suite, Premium Security Suite, Windows Xp 2025-04-11 5.3 Medium
Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2010-5164 2 Kingsoft, Microsoft 2 Personal Firewall 9, Windows Xp 2025-04-11 5.3 Medium
Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
CVE-2011-0487 1 Icq 1 Icq 2025-04-11 N/A
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
CVE-2011-0554 1 Symantec 1 Im Manager 2025-04-11 N/A
The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue."
CVE-2011-0635 1 Simploo 1 Simploo Cms 2025-04-11 N/A
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
CVE-2011-1265 2 Bluetooth, Microsoft 3 Bluetooth Stack, Windows 7, Windows Vista 2025-04-11 8.8 High
The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
CVE-2011-1388 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2025-04-11 N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-1391 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2025-04-11 N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-1392 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2025-04-11 N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-2101 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Acrobat Reader, Mac Os X and 2 more 2025-04-11 N/A
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
CVE-2011-2964 2 Linuxfoundation, Redhat 2 Foomatic, Enterprise Linux 2025-04-11 N/A
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
CVE-2011-2984 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
CVE-2011-3000 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
CVE-2011-3007 1 Mcafee 1 Saas Endpoint Protection 2025-04-11 N/A
The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.
CVE-2011-3655 1 Mozilla 2 Firefox, Thunderbird 2025-04-11 N/A
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
CVE-2011-3832 1 Sitracker 1 Support Incident Tracker 2025-04-11 N/A
Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.
CVE-2011-4614 1 Typo3 1 Typo3 2025-04-11 N/A
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.