SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categor...

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers...

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the ...

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code vi...

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers...

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction bet...

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploa...

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra...

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (bac...

Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.

Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appe...

Zotpress plugin for WordPress SQLi in zp_get_account()

Mailcwp remote file upload vulnerability incomplete fix v1.100

Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

XSS and SQLi in huge IT gallery v1.1.5 for Joomla

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can resu...

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented withi...