Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-7817 | 4.6 |
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
|
13-02-2023 - 00:42 | 24-11-2014 - 15:59 | |
CVE-2014-0114 | 7.5 |
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
|
13-02-2023 - 00:32 | 30-04-2014 - 10:49 | |
CVE-2016-9924 | 7.5 |
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
|
04-06-2020 - 12:10 | 29-03-2017 - 14:59 | |
CVE-2006-1265 | 7.5 |
SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter.
|
18-10-2018 - 16:31 | 19-03-2006 - 02:02 | |
CVE-2003-0165 | 4.6 |
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
|
11-10-2017 - 01:29 | 02-04-2003 - 05:00 | |
CVE-2014-6624 | 6.8 |
The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
|
08-09-2017 - 01:29 | 19-11-2014 - 18:59 | |
CVE-2008-0131 | 4.3 |
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this in
|
15-09-2009 - 05:10 | 08-01-2008 - 11:46 |