Platform
Solutions
Pricing
Why Invicti
Resources Library
Get a demo
Home
/
Web Application Vulnerabilities
/ Code Execution
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
Code Execution
This page lists
401 vulnerabilities
in this category.
Critical: 62
High: 328
Medium: 10
Low: 1
Vulnerability Name
CVE
CWE
Severity
BigIP iRule Tcl code injection
-
CWE-78
High
Telerik Web UI Insecure Direct Object Reference
CVE-2017-11357
CWE-78
High
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)
-
CWE-78
High
Grafana avatar SSRF
CVE-2020-13379
CWE-78
High
F5 BIG-IP Traffic Management User Interface (TMUI) RCE
CVE-2020-5902
CWE-78
High
Citrix ADC/Gateway Unauthenticated Remote Code Execution
CVE-2019-19781
CWE-22
High
Oracle WebLogic Remote Code Execution via IIOP
CVE-2020-2551
CWE-502
High
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950
CVE-2020-2950
CWE-502
High
Telerik Web UI RadAsyncUpload Deserialization
CVE-2019-18935
CWE-78
High
Apache Unomi MVEL RCE (CVE-2020-13942)
CVE-2020-13942
CWE-20
High
Telerik Web UI Unrestricted File Upload (CVE-2017-11317)
CVE-2017-11317
CWE-78
High
Telerik Web UI Unrestricted File Upload (CVE-2014-2217)
CVE-2014-2217
CWE-78
High
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
CVE-2019-5420
CWE-502
High
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
CVE-2023-49070
CWE-502
High
WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)
CVE-2024-6365
CWE-94
High
Apache Solr SSRF CVE-2017-3164
CVE-2017-3164
CWE-918
Medium
PHP curl_exec() url is controlled by user
CVE-2009-0037
CWE-352
Medium
Liferay XMLRPC Blind SSRF
-
CWE-918
Medium
PHP eval() used on user input
-
CWE-95
Medium
Liferay version older than 7.1
-
CWE-918
Medium
PHP preg_replace used on user input
-
CWE-20
Medium
Hashicorp Consul API is accessible without authentication
-
CWE-200
Medium
Python object deserialization of user-supplied data
-
CWE-20
Medium
PHP unserialize() used on user input
-
CWE-20
Medium
PHP object deserialization of user-supplied data
-
CWE-20
Medium
Symfony ESI (Edge-Side Includes) enabled
-
CWE-16
Low
«
1
...
3
4
5
6
