Platform
Solutions
Pricing
Why Invicti
Resources Library
Get a demo
Home
/
Web Application Vulnerabilities
/ Code Execution
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
Code Execution
This page lists
401 vulnerabilities
in this category.
Critical: 62
High: 328
Medium: 10
Low: 1
Vulnerability Name
CVE
CWE
Severity
Microsoft IIS 6.0 WebDAV Buffer Overflow
CVE-2017-7269
CWE-287
High
phpMyAdmin v3.5.2.2 backdoor
CVE-2012-5159
CWE-95
High
phpMoAdmin remote code execution
-
CWE-95
High
OpenX 2.8.10 backdoor
CVE-2013-4211
CWE-95
High
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities
CVE-2012-6081
CWE-434
High
Invision Power Board version 3.3.4 unserialize PHP code execution
CVE-2012-5692
CWE-20
High
Horde/IMP Plesk webmail exploit
-
CWE-20
High
Gallery 3.0.4 remote code execution
-
CWE-20
High
Elasticsearch remote code execution
CVE-2014-3120
CWE-78
High
Nginx PHP code execution via FastCGI
-
CWE-94
High
Apache Struts2 Remote Command Execution (S2-048)
CVE-2017-9791
CWE-94
High
Ektron CMS multiple vulnerabilities
-
CWE-434
High
Liferay TunnelServlet Deserialization Remote Code Execution
-
CWE-502
High
IBM WebSphere RCE Java Deserialization Vulnerability
CVE-2015-7450
CWE-502
High
Fortinet FortiNAC RCE via arbitrary file upload
CVE-2022-39952
CWE-610
High
Data Binding Expression Vulnerability in Spring Web Flow
CVE-2017-4971
CWE-78
High
Spring Data REST RCE via PATCH requests
CVE-2017-8046
CWE-94
High
Remote Code Execution (RCE) in Spring Security OAuth
CVE-2016-4977
CWE-94
High
Spring Boot Whitelabel Error Page SpEL
-
CWE-94
High
Arbitrary EL Evaluation in RichFaces
CVE-2015-0279
CWE-917
High
Liferay version older than 7.0
-
CWE-502
High
Jboss Application Server HTTPServerILServlet.java remote code execution
CVE-2017-7504
CWE-502
High
Apache Struts2 Remote Command Execution (S2-052)
CVE-2017-9805
CWE-94
High
JBoss InvokerTransformer Remote Code Execution
CVE-2015-7501
CWE-502
High
Drupal Remote Code Execution (SA-CORE-2018-004)
CVE-2018-7602
CWE-94
High
Drupal Remote Code Execution (SA-CORE-2018-002)
CVE-2018-7600
CWE-94
High
ColdFusion JNDI injection RCE
CVE-2018-15957
CWE-502
High
ColdFusion AMF Deserialization RCE
CVE-2017-3066
CWE-502
High
Flex BlazeDS AMF Deserialization RCE
CVE-2017-5641
CWE-502
High
Apache Shiro Deserialization RCE
CVE-2016-4437
CWE-78
High
Tiki Wiki CMS: Arbitrary Code Execution
-
-
High
Tiki Wiki CMS: Remote Code Execution via Calendar Module
-
-
High
Ektron CMS unauthenticated code execution and Local File Read
CVE-2012-5358
CWE-20
High
Drupal 7 arbitrary PHP code execution and information disclosure
CVE-2012-4554
CWE-264
High
Remote code execution vulnerability in WordPress Duplicator
-
CWE-98
High
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability
CVE-2011-0807
CWE-287
High
Joomla! JomSocial remote code execution
-
CWE-94
High
Joomla! JCE arbitrary file upload
-
CWE-20
High
Joomla! remote code execution vulnerability
CVE-2015-8562
CWE-94
High
Java Debug Wire Protocol remote code execution
-
CWE-94
High
HipChat for JIRA plugin - Velocity template injection
CVE-2015-5603
CWE-94
High
JBoss Seam framework remote code execution
CVE-2010-1871
CWE-94
High
ImageMagick remote code execution
CVE-2016-3714
CWE-78
High
Horde remote code execution
CVE-2014-1691
CWE-94
High
Flask debug mode
-
CWE-489
High
Magento remote code execution
CVE-2015-1399
CWE-94
High
EktronCMS Saxon XSLT parser remote code execution
CVE-2015-0931
CWE-78
High
Security update: Hotfix available for ColdFusion
CVE-2013-0632
CWE-255
High
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability
CVE-2010-4335
CWE-20
High
AjaxControlToolkit directory traversal
CVE-2015-4670
CWE-434
High
PHP code injection (pmwiki)
-
CWE-94
High
Lotus Notes formula injection
-
CWE-89
High
Code Execution via WebDav
-
CWE-434
High
Plone arbitrary code execution
CVE-2011-3587
CWE-78
High
HTTP.sys remote code execution vulnerability
CVE-2015-1635
CWE-119
High
MediaWiki remote code execution
CVE-2014-1610
CWE-20
High
WordPress OptimizePress unrestricted file upload
CVE-2013-7102
CWE-20
High
Apache Struts 2 ClassLoader manipulation and denial of service
CVE-2014-0114
CWE-701
High
WooFramework shortcode exploit
-
CWE-95
High
Umbraco CMS remote code execution
-
CWE-94
High
Umbraco CMS TemplateService remote code execution
CVE-2013-4793
CWE-94
High
TimThumb WebShot remote code execution
-
CWE-94
High
timthumb.php remote code execution
CVE-2011-4106
CWE-20
High
Struts 2 development mode
-
CWE-489
High
Struts2/XWork remote command execution (S2-014)
CVE-2013-2115
CWE-94
High
Multiple critical vulnerabilities in Apache Struts2
CVE-2012-0393
CWE-264
High
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)
CVE-2014-0050
CWE-701
High
MongoDB injection
-
CWE-943
High
Ruby on Rails directory traversal vulnerability
CVE-2014-0130
CWE-22
High
Rails remote code execution using render :inline
CVE-2016-2098
CWE-94
High
PrimeFaces 5.x Expression Language injection
CVE-2017-1000486
-
High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
-
CWE-94
High
PHP-CGI remote code execution
CVE-2012-2311
CWE-20
High
Oracle Reports rwservlet vulnerabilities
CVE-2012-3153
CWE-20
High
Server-side JavaScript injection
-
CWE-20
High
«
1
...
3
4
5
6
»
