Code Execution Vulnerabilities

Vulnerability Name CVE CWE Severity
ASP code injection CWE-95  High
AjaxControlToolkit directory traversal CVE-2015-4670  CWE-434  High
Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425  CWE-20  High
Apache 2.x version older than 2.2.3 CVE-2006-3747  CWE-189  Medium
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0094  CWE-701  High
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0112  CWE-701  High
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251  CWE-20  High
Apache Struts2 remote code execution vulnerability CVE-2016-0785  CWE-78  High
Apache Win32 batch file remote command execution vulnerability CVE-2002-0061  CWE-20  High
Bash code injection vulnerability CVE-2014-6271  CWE-78  High
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335  CWE-20  High
Check for apache versions up to 1.3.25, 2.0.38 CVE-2002-0392  CWE-119  High
Code execution CWE-94  High
CodeIgniter weak encryption key CWE-200  High
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553  CVE-2012-4554  CWE-264  High
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357  CVE-2012-5358  CWE-20  High
EktronCMS Saxon XSLT parser remote code execution CVE-2015-0931  CWE-78  High
Elasticsearch remote code execution CVE-2014-3120  CWE-78  High
Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow CVE-2005-0021  CWE-119  High
Flask debug mode CWE-16  High
Gallery 3.0.4 remote code execution CWE-20  High
HTTP.sys remote code execution vulnerability CVE-2015-1635  CWE-119  High
HipChat for JIRA plugin - Velocity template injection CVE-2015-5603  CWE-94  High
Horde remote code execution CVE-2014-1691  CWE-94  High
Horde/IMP Plesk webmail exploit CWE-20  High
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692  CWE-20  High
JBoss Seam framework remote code execution CVE-2010-1871  CWE-94  High
Joomla! JCE arbitrary file upload CWE-20  High
Joomla! JomSocial remote code execution CWE-94  High
Joomla! remote code execution vulnerability CVE-2015-8562  CWE-94  High
Magento remote code execution CVE-2015-1397  CVE-2015-1398  CVE-2015-1399  CWE-94  High
MediaWiki remote code execution CVE-2014-1610  CWE-20  High
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities CVE-2012-6081  CWE-434  High
MongoDB injection CWE-16  High
MovableType remote code execution CVE-2015-1592  CWE-94  High
Moveable Type 4.x unauthenticated remote command execution CVE-2013-0209  CWE-287  High
Multiple critical vulnerabilities in Apache Struts2 CVE-2012-0393  CWE-264  High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder CWE-94  High
Nginx PHP code execution via FastCGI CWE-16  High
OpenX 2.8.10 backdoor CVE-2013-4211  CWE-95  High
OpenX arbitrary file upload CVE-2009-4140  CWE-434  High
Oracle Reports rwservlet vulnerabilities CVE-2012-3152  CVE-2012-3153  CWE-20  High
PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097  CWE-20  Medium
PHP 5.3.9 remote code execution CVE-2012-0830  CWE-399  High
PHP code injection CWE-94  High
PHP eval() used on user input CWE-95  Informational
PHP-CGI remote code execution CVE-2012-1823  CWE-20  High
Plone arbitrary code execution CVE-2011-3587  CWE-78  High
Rails remote code execution using render :inline CVE-2016-2098  CWE-94  High
Ruby on Rails XML processor YAML deserialization code execution CVE-2013-0156  CWE-20  High
Ruby on Rails directory traversal vulnerability CVE-2014-0130  CWE-22  High
Ruby on Rails weak/known secret token CVE-2013-0156  CWE-200  High
Security update: Hotfix available for ColdFusion CVE-2013-0625  CVE-2013-0629  CVE-2013-0631  CVE-2013-0632  CWE-255  High
Server-side JavaScript injection CWE-20  High
Server-side template injection CWE-20  High
Struts 2 development mode CWE-16  High
Struts2/XWork remote command execution CVE-2013-1966  CVE-2013-2115  CWE-94  High
Struts2/Xwork remote command execution CVE-2010-1870  CWE-264  High
TimThumb WebShot remote code execution CWE-94  High
TinyMCE ajax_create_folder remote code execution vulnerability CWE-94  High
Umbraco CMS TemplateService remote code execution CVE-2013-4793  CWE-94  High
Umbraco CMS remote code execution CWE-94  High
UnrealIRCd 3.2.8.1 backdoor CVE-2010-2075  CWE-20  High
WooFramework shortcode exploit CWE-95  High
WordPress OptimizePress unrestricted file upload CVE-2013-7102  CWE-20  High
WordPress PHP Object Injection CVE-2013-4338  CWE-94  High
WordPress caching plugins PHP code execution CVE-2013-2010  CWE-95  High
phpMoAdmin remote code execution CWE-95  High
phpMyAdmin v3.5.2.2 backdoor CVE-2012-5159  CWE-95  High
phpThumb() fltr[] parameter command injection vulnerability CVE-2010-1598  CWE-20  High
timthumb.php remote code execution CVE-2011-4106  CWE-20  High
vBSEO 3.6.0 PHP code injection CVE-2012-5223  CWE-94  High
vBulletin 5 CONNECT remote code execution CWE-94  High
vBulletin PHP object injection vulnerability CWE-915  High