Code Execution Vulnerabilities

Vulnerability Name CVE  CWE  Severity
AjaxControlToolkit directory traversal CVE-2015-4670  CWE-434  High
Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425  CWE-20  High
Apache 2.x version older than 2.2.3 CVE-2006-3747  CWE-189  Medium
Apache Shiro Deserialization RCE CWE-78  High
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0112  CWE-701  High
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020) CVE-2014-0094  CWE-701  High
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251  CWE-20  High
Apache Struts2 remote code execution vulnerability CVE-2016-0785  CWE-78  High
Apache Struts2 remote command execution (S2-045) CVE-2017-5638  CWE-94  High
Apache Struts2 Remote Command Execution (S2-048) CVE-2017-9791  CWE-94  High
Apache Struts2 Remote Command Execution (S2-052) CVE-2017-9805  CWE-94  High
Apache Struts2 Remote Command Execution (S2-053) CVE-2017-12611  CWE-94  High
Apache Struts Remote Code Execution (S2-057) CVE-2018-11776  CWE-917  High
Apache Win32 batch file remote command execution vulnerability CVE-2002-0061  CWE-20  High
Arbitrary EL Evaluation in RichFaces CWE-917  High
ASP code injection CWE-95  High
Bash code injection vulnerability CVE-2014-6271  CWE-78  High
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335  CWE-20  High
Check for apache versions up to 1.3.25, 2.0.38 CVE-2002-0392  CWE-119  High
Code execution CWE-94  High
CodeIgniter weak encryption key CWE-200  High
Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-4971  CWE-78  High
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553  CVE-2012-4554  CWE-264  High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6) CVE-2006-2743  CWE-95  High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7) CVE-2006-2831  CWE-95  High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.0) CVE-2006-2743  CWE-95  High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5) CVE-2007-0626  CWE-95  High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.0) CVE-2007-0626  CWE-95  High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) CVE-2007-5593  CWE-95  High
Drupal Core 6.x Remote Code Execution (6.0 - 6.38) CVE-2018-7600  CWE-94  High
Drupal Core 7.x Remote Code Execution (7.0 - 7.57) CVE-2018-7600  CWE-94  High
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) CVE-2018-7602  CWE-94  High
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5) CVE-2018-7600  CWE-94  High
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7) CVE-2018-7602  CWE-94  High
Drupal Core 8.5.0 Remote Code Execution (8.5.0 - 8.5.0) CVE-2018-7600  CWE-94  High
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2) CVE-2018-7602  CWE-94  High
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8) CVE-2018-7600  CWE-94  High
Drupal Remote Code Execution (SA-CORE-2018-002) CVE-2018-7600  CWE-94  High
Drupal Remote Code Execution (SA-CORE-2018-004) CVE-2018-7602  CWE-94  High
EktronCMS Saxon XSLT parser remote code execution CVE-2015-0931  CWE-78  High
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357  CVE-2012-5358  CWE-20  High
Elasticsearch remote code execution CVE-2014-3120  CWE-78  High
Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow CVE-2005-0021  CWE-119  High
Flask debug mode CWE-16  High
Gallery 3.0.4 remote code execution CWE-20  High
HipChat for JIRA plugin - Velocity template injection CVE-2015-5603  CWE-94  High
Horde/IMP Plesk webmail exploit CWE-20  High
Horde remote code execution CVE-2014-1691  CWE-94  High
HTTP.sys remote code execution vulnerability CVE-2015-1635  CWE-119  High
IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450  CWE-502  High
ImageMagick remote code execution CVE-2016-3714  CWE-78  High
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692  CWE-20  High
Jboss Application Server HTTPServerILServlet.java remote code execution CVE-2017-7504  CWE-502  High
JBoss InvokerTransformer Remote Code Execution CVE-2015-7501  CWE-502  High
JBoss Seam framework remote code execution CVE-2010-1871  CWE-94  High
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7) CVE-2018-11321  CWE-94  High
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5) CVE-2015-8562  CWE-94  High
Joomla! JCE arbitrary file upload CWE-20  High
Joomla! JomSocial remote code execution CWE-94  High
Joomla! remote code execution vulnerability CVE-2015-8562  CWE-94  High
Liferay TunnelServlet Deserialization Remote Code Execution CWE-502  High
Liferay version older than 7.0 CWE-502  Medium
Liferay version older than 7.1 CWE-918  Medium
Liferay XMLRPC Blind SSRF CWE-918  High
Magento remote code execution CVE-2015-1397  CVE-2015-1398  CVE-2015-1399  CWE-94  High
MediaWiki remote code execution CVE-2014-1610  CWE-20  High
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities CVE-2012-6081  CWE-434  High
MongoDB injection CWE-16  High
MovableType remote code execution CVE-2015-1592  CWE-94  High
Moveable Type 4.x unauthenticated remote command execution CVE-2013-0209  CWE-287  High
Multiple critical vulnerabilities in Apache Struts2 CVE-2012-0393  CWE-264  High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder CWE-94  High
Nginx PHP code execution via FastCGI CWE-16  High
OpenX 2.8.10 backdoor CVE-2013-4211  CWE-95  High
OpenX arbitrary file upload CVE-2009-4140  CWE-434  High
Oracle Reports rwservlet vulnerabilities CVE-2012-3152  CVE-2012-3153  CWE-20  High
Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506  CVE-2017-10271  CWE-94  High
PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097  CWE-20  Medium
PHP 5.3.9 remote code execution CVE-2012-0830  CWE-399  High
PHP code injection CWE-94  High
PHP code injection (pmwiki) CWE-94  High
PHP eval() used on user input CWE-95  Informational
phpMoAdmin remote code execution CWE-95  High
phpMyAdmin v3.5.2.2 backdoor CVE-2012-5159  CWE-95  High
phpThumb() fltr[] parameter command injection vulnerability CVE-2010-1598  CWE-20  High
PHPUnit Remote Code Execution CVE-2017-9841  CWE-94  High
Plone arbitrary code execution CVE-2011-3587  CWE-78  High
Rails remote code execution using render :inline CVE-2016-2098  CWE-94  High
RCE with Spring Data Commons CVE-2018-1273  CWE-94  High
Ruby on Rails directory traversal vulnerability CVE-2014-0130  CWE-22  High
Ruby on Rails weak/known secret token CVE-2013-0156  CWE-200  High
Ruby on Rails XML processor YAML deserialization code execution CVE-2013-0156  CWE-20  High
Security update: Hotfix available for ColdFusion CVE-2013-0625  CVE-2013-0629  CVE-2013-0631  CVE-2013-0632  CWE-255  High
Server-side JavaScript injection CWE-20  High
Server-side template injection CWE-20  High
Spring Boot Whitelabel Error Page SpEL CWE-94  High
Spring Data REST RCE via PATCH requests CVE-2017-8046  CWE-94  High
Struts 2 development mode CWE-16  High
Struts2/Xwork remote command execution CVE-2010-1870  CWE-264  High
Struts2/XWork remote command execution (S2-014) CVE-2013-1966  CVE-2013-2115  CWE-94  High
timthumb.php remote code execution CVE-2011-4106  CWE-20  High
TimThumb WebShot remote code execution CWE-94  High
TinyMCE ajax_create_folder remote code execution vulnerability CWE-94  High
Umbraco CMS remote code execution CWE-94  High
Umbraco CMS TemplateService remote code execution CVE-2013-4793  CWE-94  High
UnrealIRCd 3.2.8.1 backdoor CVE-2010-2075  CWE-20  High
vBSEO 3.6.0 PHP code injection CVE-2012-5223  CWE-94  High
vBulletin 5 CONNECT remote code execution CWE-94  High
vBulletin PHP object injection vulnerability CWE-915  High
WooFramework shortcode exploit CWE-95  High
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2) CVE-2008-5695  CWE-20  High
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2) CVE-2006-2667  CVE-2006-2702  CWE-94  High
WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1 - 2.1.1) CVE-2007-1277  CWE-94  High
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2) CVE-2008-4796  CWE-94  High
WordPress caching plugins PHP code execution CVE-2013-2010  CWE-95  High
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3) CVE-2005-2612  CWE-94  High
WordPress OptimizePress unrestricted file upload CVE-2013-7102  CWE-20  High
WordPress PHP Object Injection CVE-2013-4338  CWE-94  High
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2) CVE-2014-6059  CWE-95  High
WordPress Plugin Ajax Search Lite Remote Command Execution (3.1) CWE-95  High
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2) CVE-2014-8794  CWE-94  High
WordPress Plugin Analytics Remote Code Execution (1.7) CWE-94  High
WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1) CVE-2011-4342  CVE-2011-5208  CWE-22  CWE-94  High
WordPress Plugin Best Seo Remote Code Execution (1.5) CWE-94  High
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5) CWE-94  High
WordPress Plugin CM Download Manager Code Injection (2.0.3) CVE-2014-8877  CWE-95  High
WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3) CVE-2016-10033  CVE-2016-10045  CWE-94  High
WordPress Plugin Cool Video Gallery Command Injection (1.9) CVE-2015-7527  CWE-94  High
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5) CVE-2015-3173  CWE-94  High
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40) CWE-94  High
WordPress Plugin eShop Code Injection (6.3.11) CVE-2015-3421  CWE-94  High
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3) CWE-94  High
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10) CVE-2014-3114  CWE-78  High
WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44) CVE-2016-10033  CVE-2016-10045  CWE-94  High
WordPress Plugin File Gallery Remote Code Execution (1.7.9) CVE-2014-2558  CWE-94  High
WordPress Plugin Flamingo Code Injection (1.1) CWE-95  High
WordPress Plugin Formidable Forms-Form Builder for WordPress Remote Code Execution (2.05.01) CWE-94  High
WordPress Plugin Form Manager Remote Command Execution (1.7.2) CVE-2015-7806  CWE-94  High
WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3) CWE-95  High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1) CWE-95  CWE-200  High
WordPress Plugin Google Map Remote Code Execution (1.0) CWE-94  High
WordPress Plugin Insert PHP PHP Code Injection (1.3) CWE-95  High
WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2) CWE-95  High
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0) CWE-94  High
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24) CWE-94  High
WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9) CVE-2016-10033  CVE-2016-10045  CWE-94  High
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2) CVE-2016-10033  CVE-2016-10045  CWE-94  High
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59) CWE-94  High
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4) CVE-2009-4140  CWE-434  High
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2) CWE-94  High
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228) CVE-2018-15877  CWE-94  High
WordPress Plugin Robo Gallery-Photo Gallery and Images Gallery Remote Code Execution (2.0.14) CWE-94  High
WordPress Plugin Share Possible Remote Code Execution (1.0) CWE-94  High
WordPress Plugin Shortcodes Ultimate Remote Code Execution (5.0.0) CWE-94  High
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9) CWE-94  High
WordPress Plugin Statistics Remote Code Execution (1.8) CWE-94  High
WordPress Plugin Subscribe Form Remote Command Execution (1.1) CWE-94  High
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5) CWE-95  High
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6) CWE-94  High
WordPress Plugin VaultPress Remote Code Execution (1.9.0) CWE-94  High
WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1) CVE-2012-1785  CWE-20  High
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8) CVE-2013-2010  CWE-95  High
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4) CWE-94  High
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0) CVE-2015-5227  CWE-94  High
WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03) CWE-94  High
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9) CVE-2009-2852  CWE-20  High
WordPress Plugin WP Live Chat Support Remote Code Execution (7.0.01) CVE-2016-10033  CVE-2016-10045  CWE-94  High
WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6) CWE-94  High
WordPress Plugin WP Super Cache PHP Code Injection (1.2) CVE-2013-2009  CVE-2013-2011  CWE-95  High
WordPress Plugin wSecure Lite Remote Code Execution (2.3) CWE-94  High
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3) CWE-95  High