Vulnerabilities (CVE)

CWE filter: CWE-94

2302 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-18835 | 1 Doccms | 1 Doccms | 2018-12-06 | 7.5
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
CVE-2018-11781 | 4 Apache, Canonical, Debian and 1 more | 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more | 2018-12-06 | 4.6
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
CVE-2018-11780 | 4 Apache, Pdfinfo Project, Canonical and 1 more | 4 Spamassassin, Pdfinfo, Ubuntu Linux and 1 more | 2018-12-06 | 7.5
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
CVE-2018-14630 | 1 Moodle | 1 Moodle | 2018-12-04 | 6.5
Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable: an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject...
CVE-2018-18892 | 1 1234n | 1 Minicms | 2018-12-03 | 7.5
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
CVE-2018-18426 | 1 S-cms | 1 S-cms | 2018-12-03 | 9.0
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
CVE-2018-18461 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-11-30 | 7.5
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
CVE-2018-18258 | 1 Bagesoft | 1 Bagecms | 2018-11-29 | 7.5
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.
CVE-2018-18083 | 1 Comsenz | 1 Duomicms | 2018-11-29 | 7.5
An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
CVE-2018-14804 | 1 Emerson | 1 Ams Device Manager | 2018-11-28 | 7.5
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
CVE-2015-9272 | 1 Videowhisper | 1 Video Presentation | 2018-11-23 | 7.5
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file...
CVE-2013-2134 | 1 Apache | 1 Struts | 2018-11-23 | 9.3
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
CVE-2013-2135 | 1 Apache | 1 Struts | 2018-11-23 | 9.3
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
CVE-2013-1966 | 1 Apache | 1 Struts | 2018-11-23 | 9.3
Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
CVE-2013-1965 | 1 Apache | 2 Struts2-showcase, Struts | 2018-11-23 | 9.3
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
CVE-2018-0674 | 1 Hibara | 1 Attachecase | 2018-11-20 | 6.8
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors.
CVE-2018-0675 | 1 Hibara | 1 Attachecase | 2018-11-20 | 6.8
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors.
CVE-2018-17126 | 1 Chshcms | 1 Cscms | 2018-11-19 | 7.5
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
CVE-2018-15886 | 1 Monstra | 1 Monstra | 2018-11-14 | 6.5
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code...
CVE-2018-17173 | 1 Lg | 1 Supersign Cms | 2018-11-14 | 7.5
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.