Known Vulnerabilities

| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Apache Struts2 remote command execution (S2-045) | CVE-2017-5638 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-048) | CVE-2017-9791 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-053) | CVE-2017-12611 | CWE-94 | High |
| Apache Tomcat examples directory vulnerabilities | | CWE-264 | Medium |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| CKEditor 4.0.1 cross-site scripting vulnerability | | CWE-79 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4553, CVE-2012-4554 | CWE-264 | High |
| Drupal Views module information disclosure vulnerability | | CWE-200 | Medium |
| Ektron CMS400.NET ContentRatingGraph.aspx SQL injection | CVE-2008-5122 | CWE-89 | High |
| Ektron CMS multiple vulnerabilities | | CWE-434 | High |
| Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5357, CVE-2012-5358 | CWE-20 | High |
| Gallery 3.0.4 remote code execution | | CWE-20 | High |
| Horde/IMP Plesk webmail exploit | | CWE-20 | High |
| IBM Lotus Domino web server Cross-Site Scripting vulnerabilities | CVE-2012-3301, CVE-2012-3302 | CWE-79 | High |
| IBM Tivoli Access Manager directory traversal | CVE-2010-4622, CVE-2011-0494 | CWE-22 | High |
| Invision Power Board version 3.3.4 unserialize PHP code execution | CVE-2012-5692 | CWE-20 | High |
| Joomla! 1.6.0 SQL injection vulnerability | CVE-2011-1151 | CWE-89 | High |
| Joomla! 1.7/2.5 SQL injection vulnerability | CVE-2012-1116 | CWE-89 | High |
| jQuery cross site scripting | CVE-2011-4969 | CWE-79 | High |
| Kayako Fusion v4.51.1891 - multiple web vulnerabilities | | CWE-79 | High |
| Liferay JSON service API authentication vulnerability | | CWE-287 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4377, CVE-2012-4378 | CWE-79 | High |
| MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities | CVE-2012-6081 | CWE-434 | High |
| MongoDB injection | | CWE-16 | High |
| Moveable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| Multiple critical vulnerabilities in Apache Struts2 | CVE-2012-0393 | CWE-264 | High |
| Nginx PHP code execution via FastCGI | | CWE-16 | High |
| Nginx stack-based buffer overflow | CVE-2013-2028 | CWE-189 | High |
| OpenX arbitrary file upload | CVE-2009-4140 | CWE-434 | High |
| OpenX xajaxargs SQL injection vulnerability | | CWE-89 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Parallels Plesk SQL injection vulnerability | CVE-2012-1557 | CWE-89 | High |
| PHP-CGI remote code execution | CVE-2012-1823, CVE-2012-2311 | CWE-20 | High |
| PHP-Fusion 6.00.109 SQL injection | CVE-2005-4005 | CWE-89 | High |
| phpThumb() fltr[] parameter command injection vulnerability | CVE-2010-1598 | CWE-20 | High |
| Plupload cross-site scripting vulnerability | CVE-2013-0237 | CWE-79 | High |
| Rails mass assignment | | CWE-915 | High |
| Roundcube security updates 0.8.6 and 0.7.3 | CVE-2013-1904 | CWE-22 | High |
| Ruby on Rails SQL injection | CVE-2012-2695 | CWE-89 | High |
| Ruby on Rails XML processor YAML deserialization code execution | CVE-2013-0156 | CWE-20 | High |
| Security update: Hotfix available for ColdFusion | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632 | CWE-255 | High |
| SQL Injection in Symphony | CVE-2013-2559 | CWE-89 | High |
| Struts2/Xwork remote command execution | CVE-2010-1870 | CWE-264 | High |
| Struts2/XWork remote command execution (S2-014) | CVE-2013-1966, CVE-2013-2115 | CWE-94 | High |
| SWFUpload movieName cross site scripting vulnerability | CVE-2012-3414 | CWE-79 | High |
| timthumb.php remote code execution | CVE-2011-4106 | CWE-20 | High |
| TinyMCE ajax_create_folder remote code execution vulnerability | | CWE-94 | High |
| Umbraco CMS remote code execution | | CWE-94 | High |
| UnrealIRCd backdoor | CVE-2010-2075 | CWE-20 | High |
| Uploadify arbitrary file upload | | CWE-434 | High |
| vBSEO 3.6.0 PHP code injection | CVE-2012-5223 | CWE-94 | High |
| vBulletin 4 (up to 4.1.2) search.php SQL injection | | CWE-89 | High |
| VMware directory traversal and privilege escalation vulnerabilities | CVE-2009-2267, CVE-2009-3733 | CWE-22 | High |
| WooFramework shortcode exploit | | CWE-95 | High |
| WordPress 3.4.2 dashboard incoming links Cross-site Request Forgery | CVE-2012-4448 | CWE-352 | Medium |
| WordPress caching plugins PHP code execution | CVE-2013-2010 | CWE-95 | High |
| WordPress W3 Total Cache plugin predictable cache filenames | CVE-2012-6077, CVE-2012-6078, CVE-2012-6079 | CWE-200 | High |
| Zend Framework local file disclosure via XXE injection | CVE-2012-3363 | CWE-611 | High |