Filtered by CWE-94
Filtered by vendor Subscriptions
Total 5001 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-45673 2 Joplin Project, Laurent 22 2 Joplin, Joplin 2025-04-11 8.9 High
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-36568 2 Mayurik, Sourcecodester 2 Gas Agency Management System, Gas Agency Management System 2025-04-11 9.8 Critical
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.
CVE-2024-41304 1 Wondercms 1 Wondercms 2025-04-11 5.4 Medium
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2024-42634 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-11 9.8 Critical
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.
CVE-2024-30878 1 Rageframe 1 Rageframe 2025-04-11 6.1 Medium
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter.
CVE-2012-1205 2 Alanft, Wordpress 2 Relocate-upload, Wordpress 2025-04-11 N/A
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2012-0928 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.
CVE-2012-4864 1 Oreans 1 Winlicense 2025-04-11 N/A
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.
CVE-2012-0922 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.
CVE-2012-0671 1 Apple 1 Quicktime 2025-04-11 N/A
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
CVE-2011-1392 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2025-04-11 N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-0319 1 Movabletype 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more 2025-04-11 N/A
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue.
CVE-2013-3144 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.
CVE-2011-1388 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2025-04-11 N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-5369 1 Ibm 1 Spss Analytical Decision Management 2025-04-11 N/A
IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service.
CVE-2011-1391 2 .bbsoftware, Ibm 2 Bb Flashback, Rational Rhapsody 2025-04-11 N/A
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-5021 1 Phpids 1 Phpids 2025-04-11 N/A
PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.
CVE-2011-4791 1 Hp 1 Data Protector Media Operations 2025-04-11 N/A
DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.
CVE-2011-4668 1 Ibm 1 Tivoli Netcool\/reporter 2025-04-11 N/A
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
CVE-2011-0487 1 Icq 1 Icq 2025-04-11 N/A
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.