CVE Catalog

A remote code execution vulnerability exists in ThinkPHP versions prior to 3.2.4, including version 5.0.23. This vulnerability is also present in Open Source BMS version 1.1.1. The issue arises from a PHP injection vulnerability that allows attackers to execute arbitrary commands on the server via a crafted HTTP request. Exploitation involves invoking a PHP function that executes system commands, which can lead to unauthorized command execution on the server.

A remote code execution vulnerability exists in Drupal Core versions 8.5.x prior to 8.5.11 and 8.6.x prior to 8.6.10. Certain field types fail to adequately sanitize data from non-form sources, which can lead to arbitrary PHP code execution. This vulnerability is triggered when the Drupal 8 core RESTful Web Services module is enabled and allows PATCH or POST requests, or when another web services module, such as JSON:API in Drupal 8 or Services or RESTful Web Services in Drupal 7, is active.

A remote code execution vulnerability exists in ThinkPHP versions through 5.0.23, specifically within the NoneCms application version 1.3. The issue arises from improper handling of the filter parameter, which can be exploited by sending a crafted query string. This vulnerability allows attackers to execute arbitrary PHP code on the server.

A vulnerability exists in the RichFaces Framework versions 3.0 through 3.3.4, allowing for Expression Language (EL) injection via the UserResource resource. This issue enables remote, unauthenticated attackers to execute arbitrary code by exploiting a chain of Java serialized objects through org.ajax4jsf.resource.UserResource$UriData.

A remote code execution vulnerability exists in Apache Struts versions 2.3 prior to 2.3.35 and 2.5 prior to 2.5.17. The issue arises when the 'alwaysSelectFullNamespace' option is enabled, either by the user or a plugin such as the Convention Plugin. Under these conditions, if results are processed without a specified namespace and the upper package lacks a namespace or uses a wildcard, the vulnerability can be exploited. This also applies when the 'url' tag is used without a value or action, while its upper package has no or a wildcard namespace.

A remote code execution vulnerability exists in Laravel Framework versions through 5.5.40 and 5.6.x prior to 5.6.30. The issue arises from an insecure unserialize operation on the X-XSRF-TOKEN cookie, which can be manipulated if the attacker knows the application encryption key. Exploitation involves crafting a token that, when unserialized, executes arbitrary code on the server.

A remote code execution vulnerability has been identified in Drupal Core versions 7.0 prior to 7.59, 8.0.0 prior to 8.4.8, and 8.5.0 prior to 8.5.3. This vulnerability exists within multiple subsystems of Drupal and allows attackers to exploit various attack vectors, potentially compromising the affected site. The vulnerability is actively being exploited in the wild.

A vulnerability exists in the web interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to cause the device to reload unexpectedly, leading to a denial-of-service (DoS) condition. On certain software releases, the device may not reload, but the attacker could exploit directory traversal techniques to access sensitive system information without authentication. The vulnerability arises from improper input validation of HTTP URLs, allowing exploitation via crafted HTTP requests. This issue affects both IPv4 and IPv6 HTTP traffic.

A remote code execution vulnerability has been identified in Drupal core versions prior to 7.58, 8.0.x prior to 8.3.9, 8.4.x prior to 8.4.6, and 8.5.x prior to 8.5.1. This vulnerability allows remote attackers to execute arbitrary code, potentially leading to a complete compromise of the affected Drupal site. The issue arises from insufficient input sanitation in the Form API, which enables attackers to inject malicious payloads that are executed without authentication.

A vulnerability exists in Cisco Secure Access Control System (ACS) versions prior to 5.8 patch 9, allowing an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the affected device. This vulnerability arises from insecure deserialization of user-supplied content, which can be exploited by sending a crafted serialized Java object.

A remote code execution vulnerability exists in JBoss Application Server versions included with Red Hat Enterprise Application Platform 5.2. The issue arises because the 'doFilter' method in the 'ReadOnlyAccessFilter' of the HTTP Invoker does not properly restrict which classes can be deserialized. This flaw allows attackers to execute arbitrary code by sending crafted serialized data. The vulnerability is known to be exploited in ransomware campaigns.

A remote code execution vulnerability has been identified in Apache Tomcat versions 9.0.0.M1 prior to 9.0.0, 8.5.0 prior to 8.5.23, 8.0.0.RC1 prior to 8.0.47, and 7.0.0 prior to 7.0.82. When HTTP PUT requests were enabled, it was possible to upload a JSP file to the server through a specially crafted request. The uploaded JSP file could then be accessed, and any code it contained would be executed by the server.

A remote code execution vulnerability has been identified in Apache Tomcat versions 7.0.0 to 7.0.79, running on Windows. When HTTP PUT requests are enabled, it is possible to upload a JSP file to the server through a specially crafted request. The uploaded JSP file can then be accessed, and any code it contains will be executed by the server. This vulnerability arises from insufficient validation of file uploads, allowing malicious JSP files to be uploaded and executed.

A remote code execution vulnerability exists in the Apache Struts 2 REST Plugin, affecting versions 2.1.1 through 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13. The vulnerability arises because the REST Plugin uses an XStreamHandler to deserialize XML payloads without any type filtering. This lack of validation can be exploited by an attacker to execute arbitrary code on the server.

A remote code execution vulnerability has been identified in Apache Struts versions 2.1.x and 2.3.x, specifically within the Struts 1 plugin. This vulnerability arises when a malicious field value is sent in a raw message to the ActionMessage, allowing for unauthorized execution of code.

A remote code execution vulnerability exists in PHPUnit versions prior to 4.8.28 and 5.x prior to 5.6.3. The issue arises in the 'eval-stdin.php' file, where the 'eval' function is used to execute PHP code from the HTTP POST request. This vulnerability can be exploited on servers with an exposed '/vendor' directory, allowing access to the vulnerable 'eval-stdin.php' script.

A remote code execution vulnerability exists in Apache Tomcat versions prior to 6.0.48, 7.x prior to 7.0.73, 8.x prior to 8.0.39, 8.5.x prior to 8.5.7, and 9.x prior to 9.0.0.M12. The vulnerability is triggered when the JmxRemoteLifecycleListener is used and an attacker can access the JMX ports. This issue arises because the listener was not updated to align with an Oracle patch that affected credential types, leaving certain Tomcat installations vulnerable to remote code execution.

A remote code execution vulnerability has been identified in Apache Struts 2 versions 2.3.x prior to 2.3.32 and 2.5.x prior to 2.5.10.1. The issue arises in the Jakarta Multipart parser, which improperly handles exceptions and error messages during file upload attempts. This flaw allows remote attackers to execute arbitrary commands by crafting the Content-Type, Content-Disposition, or Content-Length HTTP headers. The vulnerability was actively exploited in March 2017, using a Content-Type header that included a '#cmd=' string.

A remote code execution vulnerability exists in PHPMailer versions prior to 5.2.18. The issue arises in the 'isMail' transport when the 'Sender' property is crafted to include additional parameters that are passed to the mail command. This exploitation allows for arbitrary code execution on the server where the vulnerable PHPMailer version is used.

A remote code execution vulnerability exists in Apache Shiro versions prior to 1.2.5. When the 'remember me' feature is enabled but no cipher key is configured, remote attackers can exploit this vulnerability by sending a crafted request parameter. This exploitation can lead to arbitrary code execution or bypassing access restrictions.

A remote code execution vulnerability has been identified in the Fileserver web application of Apache ActiveMQ versions 5.0.0 prior to 5.14.0. This vulnerability allows remote attackers to upload and execute arbitrary files. The issue arises from improper input validation, enabling attackers to exploit the Fileserver's upload functionality by sending an HTTP PUT request followed by an HTTP MOVE request. The uploaded file, which can contain malicious code, is executed when the ActiveMQ service is restarted.

A vulnerability allowing unrestricted deserialization of authentication credentials has been identified in Oracle Java SE versions 6u113, 7u99, and 8u77, as well as in Java SE Embedded 8u77 and JRockit R28.3.9. This vulnerability could be exploited by remote, unauthenticated attackers who are able to connect to a JMX port, potentially leading to the execution of deserialization attacks.

A directory traversal vulnerability has been identified in the Action View component of Ruby on Rails. This issue is present in versions prior to 3.2.22.1, 4.0.x, 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1. The vulnerability allows remote attackers to read arbitrary files by exploiting an application's unrestricted use of the render method, and by providing a .. (dot dot) in the pathname. The flaw arises from the Action View component's handling of template rendering, where untrusted input can be used to access files outside the application's view directory, potentially leading to remote code execution.

A vulnerability exists in several IBM products, including WebSphere Application Server, Cognos Controller, Watson Explorer, Watson Content Analytics, and Sterling B2B Integrator. This vulnerability arises from the deserialization of Java objects by the Apache Commons Collections library, specifically the InvokerTransformer class, which can lead to arbitrary code execution on the affected system.

A vulnerability in the Oracle Java SE Deployment component has been identified, allowing remote attackers to modify data. This issue affects multiple versions of Oracle Java SE, including 6u101, 7u85, and 8u60. The vulnerability arises from unspecified vectors related to the deployment component, which is responsible for managing the execution of Java applications in a web environment.

A deserialization vulnerability has been identified in the Libraries component of Oracle Java SE and Java SE Embedded. This vulnerability allows remote attackers to impact the confidentiality, integrity, and availability of the affected system. The issue arises in specific versions of Oracle Java SE (6u95, 7u80, and 8u45) and Java SE Embedded (7u75 and 8u33). The vulnerability can be exploited by an untrusted Java application or applet that bypasses Java sandbox restrictions.

A vulnerability in the XPC implementation of the Admin Framework in Apple OS X versions prior to 10.10.3 allows local users to bypass authentication and gain administrative privileges. This issue arises from inadequate entitlement checking in the XPC implementation, which can be exploited through unspecified vectors.

A heap-based buffer overflow vulnerability has been identified in the IOHIDFamily component of Apple iOS (prior to 8) and Apple TV (prior to 7). This vulnerability allows attackers to execute arbitrary code with system privileges by exploiting crafted key-mapping properties through an application.

A directory traversal vulnerability has been identified in Ruby on Rails versions prior to 3.2.18, 4.0.x prior to 4.0.5, and 4.1.x prior to 4.1.1. The vulnerability exists in the implicit-render implementation of Action Pack, specifically within the abstract controller base. When certain route globbing configurations are enabled, remote attackers can read arbitrary files by sending a crafted request that exploits this directory traversal flaw.

A cross-site scripting (XSS) vulnerability has been identified in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through an unspecified parameter.

A remote code execution vulnerability has been identified in Apache Struts versions 2.0.0 through 2.3.15. This vulnerability allows attackers to execute arbitrary OGNL expressions by sending crafted requests with specific prefixes, such as action:, redirect:, or redirectAction:. The issue arises from inadequate sanitization of user input, enabling the execution of malicious code on the server.

A vulnerability has been identified in the Java Runtime Environment (JRE) component of Oracle Java SE versions 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, as well as in OpenJDK 7. This vulnerability allows remote attackers to manipulate confidentiality, integrity, and availability by exploiting unknown vectors related to 2D image processing. Specifically, it involves incorrect verification of image channels, which can be leveraged to bypass the Java sandbox in certain scenarios.

A vulnerability allowing untrusted Java applications or applets to bypass sandbox restrictions has been identified in the Java Runtime Environment (JRE) component of Oracle Java SE. This issue is present in versions 7 Update 7 and earlier. The vulnerability arises because the default Java security properties configuration did not restrict access to certain packages, specifically com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal. Exploitation of this vulnerability could lead to unauthorized actions or access within the Java application environment, potentially allowing for the execution of malicious code or the manipulation of application data.

A vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE 7 Update 6 and earlier versions allows remote attackers to execute arbitrary code. This is achieved by exploiting a crafted applet that bypasses SecurityManager restrictions. The vulnerability arises from the use of 'com.sun.beans.finder.ClassFinder' to access restricted classes from arbitrary packages, such as 'sun.awt.SunToolkit'. The exploit then uses reflection to access and modify private fields, effectively disabling the security manager and allowing unrestricted execution of Java code. This vulnerability was actively exploited in the wild in August 2012.

A vulnerability has been identified in the Java Runtime Environment (JRE) component of Oracle Java SE. This vulnerability affects versions 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier. The issue allows remote attackers to execute arbitrary code, potentially leading to unauthorized access and manipulation of data, as well as disruption of service. The vulnerability is related to the Hotspot component of the JRE.

A vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE has been identified, specifically in versions 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier. This vulnerability relates to the AtomicReferenceArray class, which does not properly verify that the array is of the expected Object[] type. As a result, remote attackers could exploit this flaw to cause a denial-of-service by crashing the Java Virtual Machine or to bypass Java's sandbox restrictions, which are designed to limit the capabilities of untrusted code.

A vulnerability exists in PHP versions prior to 5.3.12 and 5.4.x prior to 5.4.2, when PHP is run as a CGI script. The issue arises because the CGI executable improperly processes query strings that lack an equals sign, allowing remote attackers to inject command-line options that can be exploited to execute arbitrary code. This vulnerability is related to the 'd' command-line option and the way PHP's 'php_getopt' function handles query strings.

A remote code execution vulnerability has been identified in Apache Struts 2 versions prior to 2.2.3.1. The issue arises in the ExceptionDelegator component, where parameter values are incorrectly processed as OGNL expressions during exception handling related to data type mismatches. This flaw allows remote attackers to execute arbitrary Java code by crafting specific parameter values.

A vulnerability has been identified in the Java Runtime Environment (JRE) component of Oracle Java SE JDK and JRE 6 Update 27 and earlier, as well as JDK and JRE 7. This vulnerability allows remote, untrusted Java Web Start applications and applets to execute arbitrary code, potentially leading to unauthorized actions on behalf of the user.

A static code injection vulnerability has been identified in phpMyAdmin versions 2.11.x prior to 2.11.9.5 and 3.x prior to 3.1.3.1. This vulnerability allows remote attackers to inject arbitrary PHP code into a configuration file through the setup script, which can then be executed on the server.

A denial-of-service vulnerability has been identified in Apache Struts versions prior to 1.2.9, when used with BeanUtils 1.7. The issue arises in the ActionForm component, where remote attackers can exploit multipart/form-data encoded forms. By including a parameter that references the public getMultipartRequestHandler method, attackers may disrupt the application's normal operation, potentially causing it to crash or leading to unauthorized access to sensitive information.