CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-94

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5734 94 Exec Code 2016-07-02 2016-08-16
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
2 CVE-2016-3154 94 Exec Code 2016-04-08 2016-04-14
7.5
None Remote Low Not required Partial Partial Partial
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
3 CVE-2016-3153 94 Exec Code 2016-04-08 2016-04-14
7.5
None Remote Low Not required Partial Partial Partial
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
4 CVE-2016-1986 94 Exec Code 2016-02-11 2016-08-22
7.5
None Remote Low Not required Partial Partial Partial
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
5 CVE-2016-1985 94 Exec Code 2016-01-30 2016-08-22
10.0
None Remote Low Not required Complete Complete Complete
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
6 CVE-2016-1413 94 2016-05-27 2016-05-31
4.0
None Remote Low Single system None Partial None
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.
7 CVE-2016-0033 94 DoS Overflow 2016-02-10 2016-02-16
5.0
None Remote Low Not required None None Partial
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."
8 CVE-2015-8761 94 Exec Code 2016-01-08 2016-01-11
6.0
None Remote Medium Single system Partial Partial Partial
The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import.
9 CVE-2015-7905 94 Exec Code 2015-11-12 2015-11-13
7.5
None Remote Low Not required Partial Partial Partial
Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.
10 CVE-2015-7450 94 Exec Code 2016-01-02 2016-04-01
10.0
None Remote Low Not required Complete Complete Complete
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
11 CVE-2015-7381 94 Exec Code File Inclusion 2015-09-27 2015-09-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008.
12 CVE-2015-6555 94 Exec Code 2015-11-11 2015-11-12
8.5
None Remote Medium Single system Complete Complete Complete
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
13 CVE-2015-5970 94 2016-02-18 2016-03-10
5.0
None Remote Low Not required Partial None None
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
14 CVE-2015-5693 94 Exec Code 2015-09-20 2015-09-21
7.9
None Remote Medium Multiple systems Complete Complete Complete
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture."
15 CVE-2015-5687 94 Exec Code 2015-10-05 2015-10-06
7.5
None Remote Low Not required Partial Partial Partial
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
16 CVE-2015-5647 94 Exec Code 2015-10-12 2015-10-13
8.5
None Remote Medium Single system Complete Complete Complete
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
17 CVE-2015-5646 94 Exec Code 2015-10-12 2015-10-13
8.5
None Remote Medium Single system Complete Complete Complete
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
18 CVE-2015-5644 94 Exec Code 2015-10-05 2015-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
19 CVE-2015-5643 94 Exec Code 2015-10-05 2015-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors.
20 CVE-2015-5603 94 Exec Code 2015-09-21 2015-09-23
6.5
None Remote Low Single system Partial Partial Partial
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
21 CVE-2015-5242 94 Exec Code 2015-11-25 2015-11-27
6.0
None Remote Medium Single system Partial Partial Partial
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
22 CVE-2015-4726 94 Exec Code File Inclusion 2015-06-23 2015-06-23
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter.
23 CVE-2015-4338 94 2015-06-17 2015-06-18
6.5
None Remote Low Single system Partial Partial Partial
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
24 CVE-2015-3446 94 Exec Code 2015-05-01 2015-05-04
9.3
None Remote Medium Not required Complete Complete Complete
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
25 CVE-2015-2945 94 Exec Code 2015-05-25 2015-05-27
7.5
None Remote Low Not required Partial Partial Partial
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
26 CVE-2015-2308 94 Exec Code 2015-06-24 2015-06-24
6.8
None Remote Medium Not required Partial Partial Partial
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
27 CVE-2015-2171 94 Exec Code 2015-03-30 2015-03-31
7.5
None Remote Low Not required Partial Partial Partial
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.
28 CVE-2015-1699 94 Exec Code 2015-05-13 2015-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.
29 CVE-2015-1698 94 Exec Code 2015-05-13 2015-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.
30 CVE-2015-1697 94 Exec Code 2015-05-13 2015-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.
31 CVE-2015-1696 94 Exec Code 2015-05-13 2015-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
32 CVE-2015-1695 94 Exec Code 2015-05-13 2015-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
33 CVE-2015-1675 94 Exec Code 2015-05-13 2015-07-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
34 CVE-2015-1645 94 Exec Code 2015-04-14 2015-09-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."
35 CVE-2015-1635 94 Exec Code 2015-04-14 2015-09-30
10.0
None Remote Low Not required Complete Complete Complete
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
36 CVE-2015-1597 94 Exec Code 2015-03-06 2015-03-09
6.8
None Remote Medium Not required Partial Partial Partial
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.
37 CVE-2015-1501 94 Exec Code 2015-02-16 2015-02-17
6.8
None Remote Medium Not required Partial Partial Partial
The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary.
38 CVE-2015-1497 94 2 Exec Code 2015-02-16 2015-11-19
10.0
None Remote Low Not required Complete Complete Complete
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
39 CVE-2015-1399 94 Exec Code File Inclusion 2015-04-29 2016-04-01
6.5
None Remote Low Single system Partial Partial Partial
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.
40 CVE-2015-1311 94 2015-01-22 2015-01-25
10.0
None Remote Low Not required Complete Complete Complete
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
41 CVE-2015-1061 94 Exec Code 2015-03-12 2015-09-28
9.3
None Remote Medium Not required Complete Complete Complete
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
42 CVE-2015-1059 94 1 Exec Code 2015-01-16 2015-01-20
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.
43 CVE-2015-0935 94 Exec Code 2015-05-25 2015-05-27
7.5
None Remote Low Not required Partial Partial Partial
Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts.
44 CVE-2015-0925 94 Exec Code 2015-01-22 2015-01-23
9.0
None Remote Low Single system Complete Complete Complete
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
45 CVE-2015-0898 94 Exec Code 2015-03-20 2015-03-27
7.5
None Remote Low Not required Partial Partial Partial
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.
46 CVE-2015-0845 94 Exec Code 2015-04-17 2015-10-09
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.
47 CVE-2015-0279 94 Exec Code 2015-03-26 2016-08-23
6.8
None Remote Medium Not required Partial Partial Partial
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
48 CVE-2015-0093 94 Exec Code 2015-03-11 2015-09-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092.
49 CVE-2015-0092 94 Exec Code 2015-03-11 2015-10-27
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093.
50 CVE-2015-0091 94 Exec Code 2015-03-11 2015-10-27
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, and CVE-2015-0093.
Total number of vulnerabilities : 2053   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.