|
AjaxControlToolkit directory traversal
|
CVE-2015-4670 |
CWE-434 |
High
|
|
Apache 2.2.14 mod_isapi Dangling Pointer
|
CVE-2010-0425 |
CWE-20 |
High
|
|
Apache 2.x version older than 2.2.3
|
CVE-2006-3747 |
CWE-189 |
Medium
|
|
Apache Shiro Deserialization RCE
|
|
CWE-78 |
High
|
|
Apache Struts 2 ClassLoader manipulation and denial of service
|
CVE-2014-0112 |
CWE-701 |
High
|
|
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)
|
CVE-2014-0094 |
CWE-701 |
High
|
|
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
|
CVE-2013-2251 |
CWE-20 |
High
|
|
Apache Struts2 remote code execution vulnerability
|
CVE-2016-0785 |
CWE-78 |
High
|
|
Apache Struts2 remote command execution (S2-045)
|
CVE-2017-5638 |
CWE-94 |
High
|
|
Apache Struts2 Remote Command Execution (S2-048)
|
CVE-2017-9791 |
CWE-94 |
High
|
|
Apache Struts2 Remote Command Execution (S2-052)
|
CVE-2017-9805 |
CWE-94 |
High
|
|
Apache Struts2 Remote Command Execution (S2-053)
|
CVE-2017-12611 |
CWE-94 |
High
|
|
Apache Struts Remote Code Execution (S2-057)
|
CVE-2018-11776 |
CWE-917 |
High
|
|
Apache Win32 batch file remote command execution vulnerability
|
CVE-2002-0061 |
CWE-20 |
High
|
|
Arbitrary EL Evaluation in RichFaces
|
|
CWE-917 |
High
|
|
ASP code injection
|
|
CWE-95 |
High
|
|
Bash code injection vulnerability
|
CVE-2014-6271 |
CWE-78 |
High
|
|
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability
|
CVE-2010-4335 |
CWE-20 |
High
|
|
Check for apache versions up to 1.3.25, 2.0.38
|
CVE-2002-0392 |
CWE-119 |
High
|
|
Code execution
|
|
CWE-94 |
High
|
|
CodeIgniter weak encryption key
|
|
CWE-200 |
High
|
|
Data Binding Expression Vulnerability in Spring Web Flow
|
CVE-2017-4971 |
CWE-78 |
High
|
|
Drupal 7 arbitrary PHP code execution and information disclosure
|
CVE-2012-4553 CVE-2012-4554 |
CWE-264 |
High
|
|
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)
|
CVE-2006-2743 |
CWE-95 |
High
|
|
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)
|
CVE-2006-2831 |
CWE-95 |
High
|
|
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.0)
|
CVE-2006-2743 |
CWE-95 |
High
|
|
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)
|
CVE-2007-0626 |
CWE-95 |
High
|
|
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.0)
|
CVE-2007-0626 |
CWE-95 |
High
|
|
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)
|
CVE-2007-5593 |
CWE-95 |
High
|
|
Drupal Core 6.x Remote Code Execution (6.0 - 6.38)
|
CVE-2018-7600 |
CWE-94 |
High
|
|
Drupal Core 7.x Remote Code Execution (7.0 - 7.57)
|
CVE-2018-7600 |
CWE-94 |
High
|
|
Drupal Core 7.x Remote Code Execution (7.0 - 7.58)
|
CVE-2018-7602 |
CWE-94 |
High
|
|
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5)
|
CVE-2018-7600 |
CWE-94 |
High
|
|
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)
|
CVE-2018-7602 |
CWE-94 |
High
|
|
Drupal Core 8.5.0 Remote Code Execution (8.5.0 - 8.5.0)
|
CVE-2018-7600 |
CWE-94 |
High
|
|
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)
|
CVE-2018-7602 |
CWE-94 |
High
|
|
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)
|
CVE-2018-7600 |
CWE-94 |
High
|
|
Drupal Remote Code Execution (SA-CORE-2018-002)
|
CVE-2018-7600 |
CWE-94 |
High
|
|
Drupal Remote Code Execution (SA-CORE-2018-004)
|
CVE-2018-7602 |
CWE-94 |
High
|
|
EktronCMS Saxon XSLT parser remote code execution
|
CVE-2015-0931 |
CWE-78 |
High
|
|
Ektron CMS unauthenticated code execution and Local File Read
|
CVE-2012-5357 CVE-2012-5358 |
CWE-20 |
High
|
|
Elasticsearch remote code execution
|
CVE-2014-3120 |
CWE-78 |
High
|
|
Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow
|
CVE-2005-0021 |
CWE-119 |
High
|
|
Flask debug mode
|
|
CWE-16 |
High
|
|
Gallery 3.0.4 remote code execution
|
|
CWE-20 |
High
|
|
HipChat for JIRA plugin - Velocity template injection
|
CVE-2015-5603 |
CWE-94 |
High
|
|
Horde/IMP Plesk webmail exploit
|
|
CWE-20 |
High
|
|
Horde remote code execution
|
CVE-2014-1691 |
CWE-94 |
High
|
|
HTTP.sys remote code execution vulnerability
|
CVE-2015-1635 |
CWE-119 |
High
|
|
IBM WebSphere RCE Java Deserialization Vulnerability
|
CVE-2015-7450 |
CWE-502 |
High
|
|
ImageMagick remote code execution
|
CVE-2016-3714 |
CWE-78 |
High
|
|
Invision Power Board version 3.3.4 unserialize PHP code execution
|
CVE-2012-5692 |
CWE-20 |
High
|
|
Jboss Application Server HTTPServerILServlet.java remote code execution
|
CVE-2017-7504 |
CWE-502 |
High
|
|
JBoss InvokerTransformer Remote Code Execution
|
CVE-2015-7501 |
CWE-502 |
High
|
|
JBoss Seam framework remote code execution
|
CVE-2010-1871 |
CWE-94 |
High
|
|
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)
|
CVE-2018-11321 |
CWE-94 |
High
|
|
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)
|
CVE-2015-8562 |
CWE-94 |
High
|
|
Joomla! JCE arbitrary file upload
|
|
CWE-20 |
High
|
|
Joomla! JomSocial remote code execution
|
|
CWE-94 |
High
|
|
Joomla! remote code execution vulnerability
|
CVE-2015-8562 |
CWE-94 |
High
|
|
Liferay TunnelServlet Deserialization Remote Code Execution
|
|
CWE-502 |
High
|
|
Liferay version older than 7.0
|
|
CWE-502 |
Medium
|
|
Liferay version older than 7.1
|
|
CWE-918 |
Medium
|
|
Liferay XMLRPC Blind SSRF
|
|
CWE-918 |
High
|
|
Magento remote code execution
|
CVE-2015-1397 CVE-2015-1398 CVE-2015-1399 |
CWE-94 |
High
|
|
MediaWiki remote code execution
|
CVE-2014-1610 |
CWE-20 |
High
|
|
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities
|
CVE-2012-6081 |
CWE-434 |
High
|
|
MongoDB injection
|
|
CWE-16 |
High
|
|
MovableType remote code execution
|
CVE-2015-1592 |
CWE-94 |
High
|
|
Moveable Type 4.x unauthenticated remote command execution
|
CVE-2013-0209 |
CWE-287 |
High
|
|
Multiple critical vulnerabilities in Apache Struts2
|
CVE-2012-0393 |
CWE-264 |
High
|
|
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
|
|
CWE-94 |
High
|
|
Nginx PHP code execution via FastCGI
|
|
CWE-16 |
High
|
|
OpenX 2.8.10 backdoor
|
CVE-2013-4211 |
CWE-95 |
High
|
|
OpenX arbitrary file upload
|
CVE-2009-4140 |
CWE-434 |
High
|
|
Oracle Reports rwservlet vulnerabilities
|
CVE-2012-3152 CVE-2012-3153 |
CWE-20 |
High
|
|
Oracle Weblogic WLS-WSAT Component Deserialization RCE
|
CVE-2017-3506 CVE-2017-10271 |
CWE-94 |
High
|
|
PHP 4.3.0 file disclosure and possible code execution
|
CVE-2003-0097 |
CWE-20 |
Medium
|
|
PHP 5.3.9 remote code execution
|
CVE-2012-0830 |
CWE-399 |
High
|
|
PHP code injection
|
|
CWE-94 |
High
|
|
PHP code injection (pmwiki)
|
|
CWE-94 |
High
|
|
PHP eval() used on user input
|
|
CWE-95 |
Informational
|
|
phpMoAdmin remote code execution
|
|
CWE-95 |
High
|
|
phpMyAdmin v3.5.2.2 backdoor
|
CVE-2012-5159 |
CWE-95 |
High
|
|
phpThumb() fltr[] parameter command injection vulnerability
|
CVE-2010-1598 |
CWE-20 |
High
|
|
PHPUnit Remote Code Execution
|
CVE-2017-9841 |
CWE-94 |
High
|
|
Plone arbitrary code execution
|
CVE-2011-3587 |
CWE-78 |
High
|
|
Rails remote code execution using render :inline
|
CVE-2016-2098 |
CWE-94 |
High
|
|
RCE with Spring Data Commons
|
CVE-2018-1273 |
CWE-94 |
High
|
|
Ruby on Rails directory traversal vulnerability
|
CVE-2014-0130 |
CWE-22 |
High
|
|
Ruby on Rails weak/known secret token
|
CVE-2013-0156 |
CWE-200 |
High
|
|
Ruby on Rails XML processor YAML deserialization code execution
|
CVE-2013-0156 |
CWE-20 |
High
|
|
Security update: Hotfix available for ColdFusion
|
CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 |
CWE-255 |
High
|
|
Server-side JavaScript injection
|
|
CWE-20 |
High
|
|
Server-side template injection
|
|
CWE-20 |
High
|
|
Spring Boot Whitelabel Error Page SpEL
|
|
CWE-94 |
High
|
|
Spring Data REST RCE via PATCH requests
|
CVE-2017-8046 |
CWE-94 |
High
|
|
Struts 2 development mode
|
|
CWE-16 |
High
|
|
Struts2/Xwork remote command execution
|
CVE-2010-1870 |
CWE-264 |
High
|
|
Struts2/XWork remote command execution (S2-014)
|
CVE-2013-1966 CVE-2013-2115 |
CWE-94 |
High
|
|
timthumb.php remote code execution
|
CVE-2011-4106 |
CWE-20 |
High
|
|
TimThumb WebShot remote code execution
|
|
CWE-94 |
High
|
|
TinyMCE ajax_create_folder remote code execution vulnerability
|
|
CWE-94 |
High
|
|
Umbraco CMS remote code execution
|
|
CWE-94 |
High
|
|
Umbraco CMS TemplateService remote code execution
|
CVE-2013-4793 |
CWE-94 |
High
|
|
UnrealIRCd 3.2.8.1 backdoor
|
CVE-2010-2075 |
CWE-20 |
High
|
|
vBSEO 3.6.0 PHP code injection
|
CVE-2012-5223 |
CWE-94 |
High
|
|
vBulletin 5 CONNECT remote code execution
|
|
CWE-94 |
High
|
|
vBulletin PHP object injection vulnerability
|
|
CWE-915 |
High
|
|
WooFramework shortcode exploit
|
|
CWE-95 |
High
|
|
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)
|
CVE-2008-5695 |
CWE-20 |
High
|
|
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)
|
CVE-2006-2667 CVE-2006-2702 |
CWE-94 |
High
|
|
WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1 - 2.1.1)
|
CVE-2007-1277 |
CWE-94 |
High
|
|
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)
|
CVE-2008-4796 |
CWE-94 |
High
|
|
WordPress caching plugins PHP code execution
|
CVE-2013-2010 |
CWE-95 |
High
|
|
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)
|
CVE-2005-2612 |
CWE-94 |
High
|
|
WordPress OptimizePress unrestricted file upload
|
CVE-2013-7102 |
CWE-20 |
High
|
|
WordPress PHP Object Injection
|
CVE-2013-4338 |
CWE-94 |
High
|
|
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2)
|
CVE-2014-6059 |
CWE-95 |
High
|
|
WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)
|
|
CWE-95 |
High
|
|
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)
|
CVE-2014-8794 |
CWE-94 |
High
|
|
WordPress Plugin Analytics Remote Code Execution (1.7)
|
|
CWE-94 |
High
|
|
WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)
|
CVE-2011-4342 CVE-2011-5208 |
CWE-22 CWE-94 |
High
|
|
WordPress Plugin Best Seo Remote Code Execution (1.5)
|
|
CWE-94 |
High
|
|
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
|
|
CWE-94 |
High
|
|
WordPress Plugin CM Download Manager Code Injection (2.0.3)
|
CVE-2014-8877 |
CWE-95 |
High
|
|
WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)
|
CVE-2016-10033 CVE-2016-10045 |
CWE-94 |
High
|
|
WordPress Plugin Cool Video Gallery Command Injection (1.9)
|
CVE-2015-7527 |
CWE-94 |
High
|
|
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)
|
CVE-2015-3173 |
CWE-94 |
High
|
|
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)
|
|
CWE-94 |
High
|
|
WordPress Plugin eShop Code Injection (6.3.11)
|
CVE-2015-3421 |
CWE-94 |
High
|
|
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)
|
|
CWE-94 |
High
|
|
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)
|
CVE-2014-3114 |
CWE-78 |
High
|
|
WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44)
|
CVE-2016-10033 CVE-2016-10045 |
CWE-94 |
High
|
|
WordPress Plugin File Gallery Remote Code Execution (1.7.9)
|
CVE-2014-2558 |
CWE-94 |
High
|
|
WordPress Plugin Flamingo Code Injection (1.1)
|
|
CWE-95 |
High
|
|
WordPress Plugin Formidable Forms-Form Builder for WordPress Remote Code Execution (2.05.01)
|
|
CWE-94 |
High
|
|
WordPress Plugin Form Manager Remote Command Execution (1.7.2)
|
CVE-2015-7806 |
CWE-94 |
High
|
|
WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)
|
|
CWE-95 |
High
|
|
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
|
|
CWE-95 CWE-200 |
High
|
|
WordPress Plugin Google Map Remote Code Execution (1.0)
|
|
CWE-94 |
High
|
|
WordPress Plugin Insert PHP PHP Code Injection (1.3)
|
|
CWE-95 |
High
|
|
WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)
|
|
CWE-95 |
High
|
|
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)
|
|
CWE-94 |
High
|
|
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)
|
|
CWE-94 |
High
|
|
WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)
|
CVE-2016-10033 CVE-2016-10045 |
CWE-94 |
High
|
|
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)
|
CVE-2016-10033 CVE-2016-10045 |
CWE-94 |
High
|
|
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
|
|
CWE-94 |
High
|
|
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)
|
CVE-2009-4140 |
CWE-434 |
High
|
|
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)
|
|
CWE-94 |
High
|
|
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)
|
CVE-2018-15877 |
CWE-94 |
High
|
|
WordPress Plugin Robo Gallery-Photo Gallery and Images Gallery Remote Code Execution (2.0.14)
|
|
CWE-94 |
High
|
|
WordPress Plugin Share Possible Remote Code Execution (1.0)
|
|
CWE-94 |
High
|
|
WordPress Plugin Shortcodes Ultimate Remote Code Execution (5.0.0)
|
|
CWE-94 |
High
|
|
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)
|
|
CWE-94 |
High
|
|
WordPress Plugin Statistics Remote Code Execution (1.8)
|
|
CWE-94 |
High
|
|
WordPress Plugin Subscribe Form Remote Command Execution (1.1)
|
|
CWE-94 |
High
|
|
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)
|
|
CWE-95 |
High
|
|
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
|
|
CWE-94 |
High
|
|
WordPress Plugin VaultPress Remote Code Execution (1.9.0)
|
|
CWE-94 |
High
|
|
WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)
|
CVE-2012-1785 |
CWE-20 |
High
|
|
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)
|
CVE-2013-2010 |
CWE-95 |
High
|
|
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)
|
|
CWE-94 |
High
|
|
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)
|
CVE-2015-5227 |
CWE-94 |
High
|
|
WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)
|
|
CWE-94 |
High
|
|
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)
|
CVE-2009-2852 |
CWE-20 |
High
|
|
WordPress Plugin WP Live Chat Support Remote Code Execution (7.0.01)
|
CVE-2016-10033 CVE-2016-10045 |
CWE-94 |
High
|
|
WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)
|
|
CWE-94 |
High
|
|
WordPress Plugin WP Super Cache PHP Code Injection (1.2)
|
CVE-2013-2009 CVE-2013-2011 |
CWE-95 |
High
|
|
WordPress Plugin wSecure Lite Remote Code Execution (2.3)
|
|
CWE-94 |
High
|
|
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
|
|
CWE-95 |
High
|