Fixed Intel

CVE Tracker

Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.

Total CVEs: 2,235

CISA KEV: 1,590

Known Exploits: 41

Avg CVSS Score: 8.8

Severity Distribution

CRITICAL 8
HIGH 1600
MEDIUM 7
INFO 620

Showing 20 of 1,585 CVEs · HIGH · CISA KEV

CVE-2018-8373 · KEV
High

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Microsoft · EPSS 82.4%

CVE-2019-1003030 · KEV
High

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

Jenkins · EPSS 93.1%

CVE-2018-11138 · KEV
High

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Quest · EPSS 93.4%

CVE-2019-12991 · KEV
High

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

Citrix · EPSS 81.0%

CVE-2017-6334 · KEV
High

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands.

NETGEAR · EPSS 89.2%

CVE-2019-10068 · KEV
High

Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution.

Kentico · EPSS 93.9%

CVE-2018-0125 · KEV
High

A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.

Cisco · EPSS 39.6%

CVE-2018-8414 · KEV
High

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

Microsoft · EPSS 87.9%

CVE-2020-1956 · KEV
High

Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

Apache · EPSS 93.9%

CVE-2016-7892 · KEV
High

Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.

Adobe · EPSS 23.3%

CVE-2017-12615 · KEV
High

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Apache · EPSS 94.2%

CVE-2020-9054 · KEV
High

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Zyxel · EPSS 94.3%

CVE-2019-2616 · KEV
High

Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.

Oracle · EPSS 94.2%

CVE-2017-12617 · KEV
High

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Apache · EPSS 94.4%

CVE-2022-21999 · KEV
High

Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.

Microsoft · EPSS 72.7%

CVE-2017-0146 · KEV
High

The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.

Microsoft · EPSS 93.3%

CVE-2017-6316 · KEV
High

A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.

Citrix · EPSS 87.8%

CVE-2019-16920 · KEV
High

Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

D-Link · EPSS 94.4%

CVE-2009-1151 · KEV
High

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.

phpMyAdmin · EPSS 93.0%

CVE-2014-0130 · KEV
High

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.

Rails · EPSS 45.4%