Vulnerabilities (CVE)

Filtered by CWE-94
Total 3072 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46818 1 Ispconfig 1 Ispconfig 2023-12-08 N/A 7.2 HIGH
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
CVE-2023-5762 1 Filr Project 1 Filr 2023-12-08 N/A 8.8 HIGH
The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.
CVE-2023-45849 1 Perforce 1 Helix Core 2023-12-08 N/A 9.8 CRITICAL
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
CVE-2010-0807 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 3 more 2023-12-07 9.3 HIGH N/A
Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2009-1547 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2023-12-07 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
CVE-2010-0239 1 Microsoft 2 Windows Server 2008, Windows Vista 2023-12-07 10.0 HIGH N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
CVE-2008-4835 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2023-12-07 10.0 HIGH N/A
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
CVE-2010-1260 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows 7 and 3 more 2023-12-07 9.3 HIGH N/A
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
CVE-2013-1347 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-07 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
CVE-2010-3228 1 Microsoft 6 .net Framework, Windows 7, Windows Server 2003 and 3 more 2023-12-07 9.3 HIGH N/A
The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."
CVE-2008-1084 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2023-12-07 7.2 HIGH N/A
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
CVE-2009-1925 1 Microsoft 4 Windows 2000, Windows Server 2003, Windows Server 2008 and 1 more 2023-12-07 10.0 HIGH N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
CVE-2013-0077 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2023-12-07 9.3 HIGH N/A
Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
CVE-2009-2529 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2023-12-07 9.3 HIGH N/A
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
CVE-2012-1880 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2023-12-07 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
CVE-2012-1874 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-07 9.3 HIGH N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
CVE-2009-2498 1 Microsoft 8 Media Foundation Sdk, Windows 2000, Windows Media Format Runtime and 5 more 2023-12-07 9.3 HIGH N/A
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
CVE-2011-0036 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2023-12-07 9.3 HIGH N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
CVE-2013-3129 1 Microsoft 14 .net Framework, Lync, Lync Basic and 11 more 2023-12-07 9.3 HIGH N/A
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
CVE-2012-1523 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2023-12-07 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."