Code Execution - Vulnerabilities

Vulnerability Name	CVE	CWE	Severity
AjaxControlToolkit directory traversal	CVE-2015-4670	CWE-434	High
Apache 2.2.14 mod_isapi Dangling Pointer	CVE-2010-0425	CWE-20	High
Apache 2.x version older than 2.2.3	CVE-2006-3747	CWE-189	Medium
Apache Log4j socket receiver deserialization vulnerability	CVE-2017-5645	CWE-502	High
Apache Shiro Deserialization RCE		CWE-78	High
Apache Struts 2 ClassLoader manipulation and denial of service	CVE-2014-0112	CWE-701	High
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)	CVE-2014-0094	CWE-701	High
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution	CVE-2013-2251	CWE-20	High
Apache Struts2 remote code execution vulnerability	CVE-2016-0785	CWE-78	High
Apache Struts2 remote command execution (S2-045)	CVE-2017-5638	CWE-94	High
Apache Struts2 Remote Command Execution (S2-048)	CVE-2017-9791	CWE-94	High
Apache Struts2 Remote Command Execution (S2-052)	CVE-2017-9805	CWE-94	High
Apache Struts2 Remote Command Execution (S2-053)	CVE-2017-12611	CWE-94	High
Apache Struts Remote Code Execution (S2-057)	CVE-2018-11776	CWE-917	High
Apache Tomcat Remote Code Execution Vulnerability	CVE-2017-12615	CWE-94	High
Apache Win32 batch file remote command execution vulnerability	CVE-2002-0061	CWE-20	High
Arbitrary EL Evaluation in RichFaces		CWE-917	High
ASP code injection		CWE-95	High
Bash code injection vulnerability	CVE-2014-6271	CWE-78	High
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability	CVE-2010-4335	CWE-20	High
Check for apache versions up to 1.3.25, 2.0.38	CVE-2002-0392	CWE-119	High
Code execution		CWE-94	High
CodeIgniter weak encryption key		CWE-200	High
ColdFusion AMF Deserialization RCE	CVE-2017-3066	CWE-502	High
ColdFusion JNDI injection RCE	CVE-2018-15957	CWE-502	High
Data Binding Expression Vulnerability in Spring Web Flow	CVE-2017-4971	CWE-78	High
Drupal 7 arbitrary PHP code execution and information disclosure	CVE-2012-4553 CVE-2012-4554	CWE-264	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)	CVE-2006-2743	CWE-95	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)	CVE-2006-2831	CWE-95	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.0)	CVE-2006-2743	CWE-95	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)	CVE-2007-0626	CWE-95	High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.0)	CVE-2007-0626	CWE-95	High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)	CVE-2007-5593	CWE-95	High
Drupal Core 6.x Remote Code Execution (6.0 - 6.38)	CVE-2018-7600	CWE-94	High
Drupal Core 7.x Remote Code Execution (7.0 - 7.57)	CVE-2018-7600	CWE-94	High
Drupal Core 7.x Remote Code Execution (7.0 - 7.58)	CVE-2018-7602	CWE-94	High
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5)	CVE-2018-7600	CWE-94	High
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)	CVE-2018-7602	CWE-94	High
Drupal Core 8.5.0 Remote Code Execution (8.5.0 - 8.5.0)	CVE-2018-7600	CWE-94	High
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)	CVE-2018-7602	CWE-94	High
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10)	CVE-2019-6340	CWE-94	High
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)	CVE-2019-6340	CWE-94	High
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)	CVE-2018-7600	CWE-94	High
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8)	CVE-2019-6340	CWE-94	High
Drupal Remote Code Execution (SA-CORE-2018-002)	CVE-2018-7600	CWE-94	High
Drupal Remote Code Execution (SA-CORE-2018-004)	CVE-2018-7602	CWE-94	High
Drupal REST Remote Code Execution	CVE-2019-6340	CWE-78	High
EktronCMS Saxon XSLT parser remote code execution	CVE-2015-0931	CWE-78	High
Ektron CMS unauthenticated code execution and Local File Read	CVE-2012-5357 CVE-2012-5358	CWE-20	High
Elasticsearch remote code execution	CVE-2014-3120	CWE-78	High
Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow	CVE-2005-0021	CWE-119	High
FastCGI Unauthorized Access Vulnerability		CWE-78	High
Flask debug mode		CWE-16	High
Flex BlazeDS AMF Deserialization RCE	CVE-2017-5641	CWE-502	High
Gallery 3.0.4 remote code execution		CWE-20	High
GhostScript RCE (Remote Code Execution)	CVE-2016-3714	CWE-78	High
GoAhead web server remote code execution	CVE-2017-17562	CWE-94	High
HipChat for JIRA plugin - Velocity template injection	CVE-2015-5603	CWE-94	High
Horde/IMP Plesk webmail exploit		CWE-20	High
Horde remote code execution	CVE-2014-1691	CWE-94	High
HTTP.sys remote code execution vulnerability	CVE-2015-1635	CWE-119	High
IBM WebSphere RCE Java Deserialization Vulnerability	CVE-2015-7450	CWE-502	High
ImageMagick remote code execution	CVE-2016-3714	CWE-78	High
Invision Power Board version 3.3.4 unserialize PHP code execution	CVE-2012-5692	CWE-20	High
Jboss Application Server HTTPServerILServlet.java remote code execution	CVE-2017-7504	CWE-502	High
JBoss InvokerTransformer Remote Code Execution	CVE-2015-7501	CWE-502	High
JBoss Seam framework remote code execution	CVE-2010-1871	CWE-94	High
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)	CVE-2018-11321	CWE-94	High
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)	CVE-2015-8562	CWE-94	High
Joomla! JCE arbitrary file upload		CWE-20	High
Joomla! JomSocial remote code execution		CWE-94	High
Joomla! remote code execution vulnerability	CVE-2015-8562	CWE-94	High
Liferay TunnelServlet Deserialization Remote Code Execution		CWE-502	High
Liferay version older than 7.0		CWE-502	Medium
Liferay version older than 7.1		CWE-918	Medium
Liferay XMLRPC Blind SSRF		CWE-918	High
Magento remote code execution	CVE-2015-1397 CVE-2015-1398 CVE-2015-1399	CWE-94	High
MediaWiki remote code execution	CVE-2014-1610	CWE-20	High
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities	CVE-2012-6081	CWE-434	High
MongoDB injection		CWE-16	High
MovableType remote code execution	CVE-2015-1592	CWE-94	High
Moveable Type 4.x unauthenticated remote command execution	CVE-2013-0209	CWE-287	High
Multiple critical vulnerabilities in Apache Struts2	CVE-2012-0393	CWE-264	High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder		CWE-94	High
Nginx PHP code execution via FastCGI		CWE-16	High
OpenX 2.8.10 backdoor	CVE-2013-4211	CWE-95	High
OpenX arbitrary file upload	CVE-2009-4140	CWE-434	High
Oracle Reports rwservlet vulnerabilities	CVE-2012-3152 CVE-2012-3153	CWE-20	High
Oracle WebLogic Remote Code Execution via T3	CVE-2018-3245	CWE-502	High
Oracle Weblogic WLS-WSAT Component Deserialization RCE	CVE-2017-3506 CVE-2017-10271	CWE-94	High
PHP 4.3.0 file disclosure and possible code execution	CVE-2003-0097	CWE-20	Medium
PHP 5.3.9 remote code execution	CVE-2012-0830	CWE-399	High
PHP code injection		CWE-94	High
PHP code injection (pmwiki)		CWE-94	High
PHP eval() used on user input		CWE-95	Informational
phpMoAdmin remote code execution		CWE-95	High
phpMyAdmin v3.5.2.2 backdoor	CVE-2012-5159	CWE-95	High
phpThumb() fltr[] parameter command injection vulnerability	CVE-2010-1598	CWE-20	High
PHPUnit Remote Code Execution	CVE-2017-9841	CWE-94	High
Plone arbitrary code execution	CVE-2011-3587	CWE-78	High
Rails remote code execution using render :inline	CVE-2016-2098	CWE-94	High
RCE with Spring Data Commons	CVE-2018-1273	CWE-94	High
Remote Code Execution (RCE) in Spring Security OAuth	CVE-2016-4977	CWE-94	High
Remote code execution vulnerability in WordPress Duplicator		CWE-98	High
Ruby on Rails directory traversal vulnerability	CVE-2014-0130	CWE-22	High
Ruby on Rails weak/known secret token	CVE-2013-0156	CWE-200	High
Ruby on Rails XML processor YAML deserialization code execution	CVE-2013-0156	CWE-20	High
Security update: Hotfix available for ColdFusion	CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632	CWE-255	High
Server-side JavaScript injection		CWE-20	High
Server-side template injection		CWE-20	High
Spring Boot Whitelabel Error Page SpEL		CWE-94	High
Spring Data REST RCE via PATCH requests	CVE-2017-8046	CWE-94	High
Struts 2 development mode		CWE-16	High
Struts2/Xwork remote command execution	CVE-2010-1870	CWE-264	High
Struts2/XWork remote command execution (S2-014)	CVE-2013-1966 CVE-2013-2115	CWE-94	High
ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability		CWE-94	High
timthumb.php remote code execution	CVE-2011-4106	CWE-20	High
TimThumb WebShot remote code execution		CWE-94	High
TinyMCE ajax_create_folder remote code execution vulnerability		CWE-94	High
Umbraco CMS remote code execution		CWE-94	High
Umbraco CMS TemplateService remote code execution	CVE-2013-4793	CWE-94	High
UnrealIRCd 3.2.8.1 backdoor	CVE-2010-2075	CWE-20	High
uWSGI Unauthorized Access Vulnerability		CWE-78	High
vBSEO 3.6.0 PHP code injection	CVE-2012-5223	CWE-94	High
vBulletin 5 CONNECT remote code execution		CWE-94	High
vBulletin PHP object injection vulnerability		CWE-915	High
WooFramework shortcode exploit		CWE-95	High
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)	CVE-2008-5695	CWE-20	High
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)	CVE-2006-2667 CVE-2006-2702	CWE-94	High
WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1 - 2.1.1)	CVE-2007-1277	CWE-94	High
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)	CVE-2008-4796	CWE-94	High
WordPress caching plugins PHP code execution	CVE-2013-2010	CWE-95	High
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)	CVE-2005-2612	CWE-94	High
WordPress OptimizePress unrestricted file upload	CVE-2013-7102	CWE-20	High
WordPress PHP Object Injection	CVE-2013-4338	CWE-94	High
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2)	CVE-2014-6059	CWE-95	High
WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)		CWE-95	High
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)	CVE-2014-8794	CWE-94	High
WordPress Plugin Analytics Remote Code Execution (1.7)		CWE-94	High
WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)	CVE-2018-18461	CWE-94	High
WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)	CVE-2011-4342 CVE-2011-5208	CWE-22 CWE-94	High
WordPress Plugin Best Seo Remote Code Execution (1.5)		CWE-94	High
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)		CWE-94	High
WordPress Plugin CM Download Manager Code Injection (2.0.3)	CVE-2014-8877	CWE-95	High
WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)	CVE-2016-10033 CVE-2016-10045	CWE-94	High
WordPress Plugin Cool Video Gallery Command Injection (1.9)	CVE-2015-7527	CWE-94	High
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)	CVE-2015-3173	CWE-94	High
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)		CWE-94	High
WordPress Plugin eShop Code Injection (6.3.11)	CVE-2015-3421	CWE-94	High
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)		CWE-94	High
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)	CVE-2014-3114	CWE-78	High
WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44)	CVE-2016-10033 CVE-2016-10045	CWE-94	High
WordPress Plugin Feedify Remote Code Execution (2.0.0)		CWE-94	High
WordPress Plugin File Gallery Remote Code Execution (1.7.9)	CVE-2014-2558	CWE-94	High
WordPress Plugin File Manager Remote Code Execution (4.1)		CWE-94	High
WordPress Plugin Flamingo Code Injection (1.1)		CWE-95	High
WordPress Plugin Formidable Forms-Form Builder for WordPress Remote Code Execution (2.05.01)		CWE-94	High
WordPress Plugin Form Manager Remote Command Execution (1.7.2)	CVE-2015-7806	CWE-94	High
WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)		CWE-95	High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)		CWE-95 CWE-200	High
WordPress Plugin Google Map Remote Code Execution (1.0)		CWE-94	High
WordPress Plugin Insert PHP PHP Code Injection (1.3)		CWE-95	High
WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)		CWE-95	High
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)		CWE-94	High
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)		CWE-94	High
WordPress Plugin MailPress Remote Code Execution (7.0.2)		CWE-94	High
WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)	CVE-2016-10033 CVE-2016-10045	CWE-94	High
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)	CVE-2016-10033 CVE-2016-10045	CWE-94	High
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)		CWE-94	High
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)	CVE-2009-4140	CWE-434	High
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)		CWE-94	High
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)	CVE-2018-15877	CWE-94	High
WordPress Plugin PropertyHive Remote Code Execution (1.4.25)		CWE-94	High
WordPress Plugin Robo Gallery-Photo Gallery and Images Gallery Remote Code Execution (2.0.14)		CWE-94	High
WordPress Plugin Share Possible Remote Code Execution (1.0)		CWE-94	High
WordPress Plugin Shortcodes Ultimate Remote Code Execution (5.0.0)		CWE-94	High
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)		CWE-94	High
WordPress Plugin Statistics Remote Code Execution (1.8)		CWE-94	High
WordPress Plugin Subscribe Form Remote Command Execution (1.1)		CWE-94	High
WordPress Plugin Ultimate Member-User Profile & Membership Remote Code Execution (2.0.32)		CWE-94	High
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)		CWE-95	High
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)		CWE-94	High
WordPress Plugin VaultPress Remote Code Execution (1.9.0)		CWE-94	High
WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)	CVE-2012-1785	CWE-20	High
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)	CVE-2013-2010	CWE-95	High
WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)		CWE-94	High
WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)		CWE-94	High
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)		CWE-94	High
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)	CVE-2015-5227	CWE-94	High
WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)		CWE-94	High
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)		CWE-94	High
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)	CVE-2009-2852	CWE-20	High
WordPress Plugin WP Live Chat Support Remote Code Execution (7.0.01)	CVE-2016-10033 CVE-2016-10045	CWE-94	High
WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)	CVE-2018-20156	CWE-94	High
WordPress Plugin WP Super Cache PHP Code Injection (1.2)	CVE-2013-2009 CVE-2013-2011	CWE-95	High
WordPress Plugin wSecure Lite Remote Code Execution (2.3)		CWE-94	High
WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)	CVE-2018-19370	CWE-94	High
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)		CWE-95	High

AjaxControlToolkit directory traversal

CVE-2015-4670

CWE-434

High

Apache 2.2.14 mod_isapi Dangling Pointer

CVE-2010-0425

CWE-20

High

Apache 2.x version older than 2.2.3

CVE-2006-3747

CWE-189

Medium