Vulnerabilities (CVE)

Filtered by CWE-94
Total 3185 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49109 2024-02-20 N/A N/A
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVE-2024-1297 2024-02-20 N/A 10.0 CRITICAL
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
CVE-2023-51770 2024-02-20 N/A N/A
Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVE-2023-52381 2024-02-20 N/A N/A
Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2023-49314 2 Apple, Asana 2 Macos, Desktop 2024-02-16 N/A 7.8 HIGH
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.
CVE-2023-47257 1 Connectwise 2 Automate, Screenconnect 2024-02-15 N/A 8.1 HIGH
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
CVE-2005-1527 3 Awstats, Canonical, Debian 3 Awstats, Ubuntu Linux, Debian Linux 2024-02-14 5.0 MEDIUM N/A
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
CVE-2002-1750 1 Cgiscript 1 Csguestbook 2024-02-14 7.5 HIGH N/A
csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2002-1752 1 Cgiscript 1 Cschat-r-box 2024-02-14 7.5 HIGH N/A
csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2002-1753 1 Cgiscript 1 Csnews Professional 2024-02-14 7.5 HIGH N/A
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
CVE-2005-2837 1 Plainblack 1 Webgui 2024-02-14 7.5 HIGH N/A
Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.
CVE-2005-3302 2 Blender, Debian 2 Blender, Debian Linux 2024-02-14 7.5 HIGH N/A
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
CVE-2005-2498 2 Debian, Gggeek 2 Debian Linux, Phpxmlrpc 2024-02-14 7.5 HIGH N/A
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
CVE-2005-1921 5 Debian, Drupal, Gggeek and 2 more 5 Debian Linux, Drupal, Phpxmlrpc and 2 more 2024-02-14 7.5 HIGH N/A
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2011-5021 1 Phpids 1 Phpids 2024-02-14 7.5 HIGH N/A
PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.
CVE-2006-1688 1 Squery 1 Squery 2024-02-14 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.
CVE-2011-4342 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2024-02-14 7.5 HIGH N/A
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
CVE-2007-4009 1 Parallels 1 Confixx 2024-02-14 9.3 HIGH N/A
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
CVE-2021-25877 1 Youphptube 1 Youphptube 2024-02-14 9.0 HIGH 7.2 HIGH
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
CVE-2006-5043 2 Joomla, Joomlaboard 2 Joomla\!, Joomlaboard 2024-02-14 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.