v.26.4.2314
Code Execution
This page lists 409 vulnerabilities in this category.
Critical: 69
High: 329
Medium: 10
Low: 1
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| TinyMCE ajax_create_folder remote code execution vulnerability | - | CWE-94 | High |
| ColdFusion 8 FCKEditor file upload vulnerability | CVE-2009-2265 | CWE-22 | High |
| WordPress caching plugins PHP code execution | CVE-2013-2010 | CWE-95 | High |
| Ruby on Rails weak/known secret token | CVE-2013-0156 | CWE-200 | High |
| CodeIgniter weak encryption key | - | CWE-200 | High |
| vBSEO 3.6.0 PHP code injection | CVE-2012-5223 | CWE-94 | High |
| vBulletin 5 CONNECT remote code execution | - | CWE-94 | High |
| Microsoft IIS 6.0 WebDAV Buffer Overflow | CVE-2017-7269 | CWE-287 | High |
| phpMyAdmin v3.5.2.2 backdoor | CVE-2012-5159 | CWE-95 | High |
| phpMoAdmin remote code execution | - | CWE-95 | High |
| OpenX 2.8.10 backdoor | CVE-2013-4211 | CWE-95 | High |
| MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities | CVE-2012-6081 | CWE-434 | High |
| Invision Power Board version 3.3.4 unserialize PHP code execution | CVE-2012-5692 | CWE-20 | High |
| Horde/IMP Plesk webmail exploit | - | CWE-20 | High |
| Gallery 3.0.4 remote code execution | - | CWE-20 | High |
| Elasticsearch remote code execution | CVE-2014-3120 | CWE-78 | High |
| Nginx PHP code execution via FastCGI | - | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-048) | CVE-2017-9791 | CWE-94 | High |
| Ektron CMS multiple vulnerabilities | - | CWE-434 | High |
| Liferay TunnelServlet Deserialization Remote Code Execution | - | CWE-502 | High |
| IBM WebSphere RCE Java Deserialization Vulnerability | CVE-2015-7450 | CWE-502 | High |
| Fortinet FortiNAC RCE via arbitrary file upload | CVE-2022-39952 | CWE-73 | High |
| Data Binding Expression Vulnerability in Spring Web Flow | CVE-2017-4971 | CWE-78 | High |
| Spring Data REST RCE via PATCH requests | CVE-2017-8046 | CWE-94 | High |
| Remote Code Execution (RCE) in Spring Security OAuth | CVE-2016-4977 | CWE-94 | High |
| Spring Boot Whitelabel Error Page SpEL | - | CWE-94 | High |
| Arbitrary EL Evaluation in RichFaces | CVE-2015-0279 | CWE-917 | High |
| Liferay version older than 7.0 | - | CWE-502 | High |
| Jboss Application Server HTTPServerILServlet.java remote code execution | CVE-2017-7504 | CWE-502 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| JBoss InvokerTransformer Remote Code Execution | CVE-2015-7501 | CWE-502 | High |
| Drupal Remote Code Execution (SA-CORE-2018-004) | CVE-2018-7602 | CWE-94 | High |
| Drupal Remote Code Execution (SA-CORE-2018-002) | CVE-2018-7600 | CWE-94 | High |
| ColdFusion JNDI injection RCE | CVE-2018-15957 | CWE-502 | High |
| ColdFusion AMF Deserialization RCE | CVE-2017-3066 | CWE-502 | High |
| Flex BlazeDS AMF Deserialization RCE | CVE-2017-5641 | CWE-502 | High |
| Apache Shiro Deserialization RCE | CVE-2016-4437 | CWE-78 | High |
| Tiki Wiki CMS: Arbitrary Code Execution | - | - | High |
| Tiki Wiki CMS: Remote Code Execution via Calendar Module | - | - | High |
| Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5358 | CWE-20 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4554 | CWE-434 | High |
| Remote code execution vulnerability in WordPress Duplicator | - | CWE-98 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Joomla! JomSocial remote code execution | - | CWE-94 | High |
| Joomla! JCE arbitrary file upload | - | CWE-20 | High |
| Joomla! remote code execution vulnerability | CVE-2015-8562 | CWE-94 | High |
| Java Debug Wire Protocol remote code execution | - | CWE-94 | High |
| HipChat for JIRA plugin - Velocity template injection | CVE-2015-5603 | CWE-94 | High |
| JBoss Seam framework remote code execution | CVE-2010-1871 | CWE-94 | High |
| ImageMagick remote code execution | CVE-2016-3714 | CWE-78 | High |
| Horde remote code execution | CVE-2014-1691 | CWE-94 | High |
| Flask debug mode | - | CWE-489 | High |
| Magento remote code execution | CVE-2015-1399 | CWE-94 | High |
| EktronCMS Saxon XSLT parser remote code execution | CVE-2015-0931 | CWE-78 | High |
| Security update: Hotfix available for ColdFusion | CVE-2013-0632 | CWE-287 | High |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| AjaxControlToolkit directory traversal | CVE-2015-4670 | CWE-434 | High |
| PHP code injection (pmwiki) | - | CWE-94 | High |
| Lotus Notes formula injection | - | CWE-89 | High |
| Code Execution via WebDav | - | CWE-434 | High |
| Plone arbitrary code execution | CVE-2011-3587 | CWE-78 | High |
| HTTP.sys remote code execution vulnerability | CVE-2015-1635 | CWE-119 | High |
| MediaWiki remote code execution | CVE-2014-1610 | CWE-20 | High |
| WordPress OptimizePress unrestricted file upload | CVE-2013-7102 | CWE-20 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service | CVE-2014-0114 | CWE-701 | High |
| WooFramework shortcode exploit | - | CWE-95 | High |
| Umbraco CMS remote code execution | - | CWE-94 | High |
| Umbraco CMS TemplateService remote code execution | CVE-2013-4793 | CWE-94 | High |
| TimThumb WebShot remote code execution | - | CWE-94 | High |
| timthumb.php remote code execution | CVE-2011-4106 | CWE-20 | High |
| Struts 2 development mode | - | CWE-489 | High |
| Struts2/XWork remote command execution (S2-014) | CVE-2013-2115 | CWE-94 | High |
| Multiple critical vulnerabilities in Apache Struts2 | CVE-2012-0393 | CWE-917 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service (S2-020) | CVE-2014-0050 | CWE-701 | High |
| MongoDB injection | - | CWE-943 | High |