Total
1760 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000217 | 1 Opencast | 1 Opencast | 2025-04-20 | N/A |
| Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. | ||||
| CVE-2016-4010 | 1 Magento | 1 Magento | 2025-04-20 | N/A |
| Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | ||||
| CVE-2016-5013 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | ||||
| CVE-2016-2980 | 1 Ibm | 1 Sametime | 2025-04-20 | N/A |
| The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993. | ||||
| CVE-2016-3695 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | N/A |
| The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | ||||
| CVE-2016-1155 | 1 Google | 1 Android | 2025-04-20 | N/A |
| HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | ||||
| CVE-2016-10131 | 1 Codeigniter | 1 Codeigniter | 2025-04-20 | N/A |
| system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | ||||
| CVE-2015-7544 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-20 | N/A |
| redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. | ||||
| CVE-2015-8258 | 1 Axis | 1 Axis Communications Firmware | 2025-04-20 | N/A |
| AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | ||||
| CVE-2015-4075 | 1 Helpdeskpro | 1 Helpdesk Pro | 2025-04-20 | 8.1 High |
| The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | ||||
| CVE-2015-5227 | 1 Inboundnow | 1 Wordpress Landing Pages | 2025-04-20 | N/A |
| The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | ||||
| CVE-2015-7264 | 1 Proxygen Project | 1 Proxygen | 2025-04-20 | N/A |
| The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | ||||
| CVE-2015-2180 | 1 Roundcube | 1 Webmail | 2025-04-20 | N/A |
| The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | ||||
| CVE-2017-6971 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2025-04-20 | N/A |
| AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | ||||
| CVE-2013-4578 | 2 Oracle, Redhat | 5 Jdk, Jre, Enterprise Linux and 2 more | 2025-04-20 | N/A |
| jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. | ||||
| CVE-2017-5246 | 1 Biscom | 1 Secure File Transfer | 2025-04-20 | N/A |
| Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028. | ||||
| CVE-2017-0154 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2016-8720 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 4.3 Medium |
| An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response. | ||||
| CVE-2017-3547 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | N/A |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). | ||||
| CVE-2017-17790 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Rhel Software Collections, Ruby | 2025-04-20 | N/A |
| The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. | ||||