| CVE-2011-10013 | Cri | 0.73 | — | 0.64 | | Aug 13, 2025 | Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code. |
| CVE-2011-10011 | Cri | 0.73 | — | 0.58 | | Aug 13, 2025 | WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application. |
| CVE-2012-10044 | Cri | 0.73 | — | 0.65 | | Aug 8, 2025 | MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This allows arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution. |
| CVE-2013-10070 | Cri | 0.73 | — | 0.63 | | Aug 5, 2025 | PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system. |
| CVE-2014-125115 | Cri | 0.73 | — | 0.65 | | Jul 25, 2025 | An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted requests. This occurs because input is directly concatenated into an SQL query without adequate validation, enabling SQL injection. After authentication is bypassed, a second vulnerability in the File Manager component permits arbitrary PHP file uploads. The file upload functionality does not enforce MIME-type or file extension restrictions, allowing authenticated users to upload web shells into a publicly accessible directory and achieve remote code execution. |
| CVE-2025-34112 | Cri | 0.73 | — | 0.69 | | Jul 15, 2025 | An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. This user can then trigger a command injection vulnerability in the '/index.php?page=licenses' endpoint to execute arbitrary commands. The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. Successful exploitation allows full remote root access to the virtual appliance. |
| CVE-2025-34105 | Cri | 0.73 | — | 0.67 | | Jul 15, 2025 | A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts. |
| CVE-2025-34073 | Cri | 0.73 | — | 0.65 | | Jul 2, 2025 | An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input passed to subprocess.check_output() in core/http.py, allowing injection of shell metacharacters. Exploitation does not require authentication and commands are executed with the privileges of the Maltrail process. |
| CVE-2025-27007 | Cri | 0.73 | 9.8 | 0.81 | | May 1, 2025 | Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through <= 1.0.82. |
| CVE-2024-55556 | Cri | 0.73 | 9.8 | 0.85 | | Jan 7, 2025 | A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this vulnerability relies on an attacker obtaining Laravel's secret APP_KEY, which would allow them to decrypt and manipulate session cookies (laravel_session) containing serialized data. By altering this data and re-encrypting it with the APP_KEY, the attacker could trigger arbitrary deserialization on the server, potentially leading to remote command execution (RCE). The vulnerability is primarily exploited by accessing an exposed cookie and manipulating it using the secret key to gain malicious access to the server. |
| CVE-2024-39205 | Cri | 0.73 | 9.8 | 0.84 | | Oct 28, 2024 | An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. |
| CVE-2024-50477 | Cri | 0.73 | 9.8 | 0.82 | | Oct 28, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass. This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3. |
| CVE-2014-5470 | Cri | 0.73 | 9.8 | 0.78 | | Jun 21, 2024 | Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. |
| CVE-2024-27199 | Hig | 0.73 | 7.3 | 0.91 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible. |
| CVE-2017-17932 | Cri | 0.73 | 9.8 | 0.77 | | Dec 28, 2017 | A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888. |
| CVE-2017-17105 | Cri | 0.73 | 9.8 | 0.85 | | Dec 19, 2017 | Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. |
| CVE-2017-17560 | Cri | 0.73 | 9.8 | 0.83 | | Dec 12, 2017 | An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. |
| CVE-2012-5357 | Cri | 0.73 | 9.8 | 0.83 | | Oct 30, 2017 | Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data. |
| CVE-2017-15222 | Cri | 0.73 | 9.8 | 0.82 | | Oct 24, 2017 | Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. |
| CVE-2017-14980 | Cri | 0.73 | 9.8 | 0.75 | | Oct 10, 2017 | Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login. |
| CVE-2015-8249 | Cri | 0.73 | 9.8 | 0.80 | | Sep 28, 2017 | The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. |
| CVE-2017-14143 | Cri | 0.73 | 9.8 | 0.77 | | Sep 19, 2017 | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. |
| CVE-2017-8759 | Hig | 0.73 | 7.8 | 0.94 | KEV | Sep 13, 2017 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." |
| CVE-2017-14147 | Cri | 0.73 | 9.8 | 0.73 | | Sep 7, 2017 | An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password. |
| CVE-2017-12943 | Cri | 0.73 | 9.8 | 0.82 | | Aug 18, 2017 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. |
| CVE-2015-7871 | Cri | 0.73 | 9.8 | 0.80 | | Aug 7, 2017 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allow remote attackers to bypass authentication. |
| CVE-2017-12478 | Cri | 0.73 | 9.8 | 0.82 | | Aug 7, 2017 | It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. |
| CVE-2017-12477 | Cri | 0.73 | 9.8 | 0.76 | | Aug 7, 2017 | It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. |
| CVE-2017-11394 | Cri | 0.73 | 9.8 | 0.81 | | Aug 3, 2017 | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. |
| CVE-2017-9769 | Cri | 0.73 | 9.8 | 0.78 | | Aug 2, 2017 | A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. |
| CVE-2017-11467 | Cri | 0.73 | 9.8 | 0.76 | | Jul 20, 2017 | OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2017-8570 | Hig | 0.73 | 7.8 | 0.94 | KEV | Jul 11, 2017 | Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243. |
| CVE-2017-9544 | Cri | 0.73 | 9.8 | 0.80 | | Jun 12, 2017 | There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code. |
| CVE-2015-4455 | Cri | 0.73 | 9.8 | 0.80 | | May 23, 2017 | Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. |
| CVE-2017-1092 | Cri | 0.73 | 9.8 | 0.82 | | May 22, 2017 | IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390. |
| CVE-2017-9101 | Cri | 0.73 | 9.8 | 0.80 | | May 21, 2017 | import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. |
| CVE-2017-5173 | Cri | 0.73 | 9.8 | 0.85 | | May 19, 2017 | An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. |
| CVE-2017-6553 | Cri | 0.73 | 9.8 | 0.74 | | Apr 29, 2017 | Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon. |
| CVE-2017-8291 | Hig | 0.73 | 7.8 | 0.93 | KEV | Apr 27, 2017 | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. |
| CVE-2017-5030 | Hig | 0.73 | 8.8 | 0.50 | KEV | Apr 24, 2017 | Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| CVE-2016-1560 | Cri | 0.73 | 9.8 | 0.82 | | Apr 21, 2017 | ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. |
| CVE-2016-2555 | Cri | 0.73 | 9.8 | 0.82 | | Apr 13, 2017 | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. |
| CVE-2017-0210 | Hig | 0.73 | 8.8 | 0.43 | KEV | Apr 12, 2017 | An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability." |
| CVE-2017-6360 | Cri | 0.73 | 9.8 | 0.80 | | Mar 23, 2017 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. |
| CVE-2017-6465 | Cri | 0.73 | 9.8 | 0.80 | | Mar 10, 2017 | Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation. |
| CVE-2017-6526 | Cri | 0.73 | 9.8 | 0.84 | | Mar 9, 2017 | An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests). |
| CVE-2017-5941 | Cri | 0.73 | 9.8 | 0.78 | | Feb 9, 2017 | An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). |
| CVE-2016-10175 | Cri | 0.73 | 9.8 | 0.82 | | Jan 30, 2017 | The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. |
| CVE-2016-10074 | Cri | 0.73 | 9.8 | 0.76 | | Dec 30, 2016 | The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header. |
| CVE-2016-10034 | Cri | 0.73 | 9.8 | 0.82 | | Dec 30, 2016 | The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address. |