arbitrary code vulnerabilities and exploits

4.3
CVSSv2
CVE-2013-6162

Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email....

Code-craftersAbility Mail Server
4.3
CVSSv2
CVE-2009-1623

Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter....

Dew-codeDew-newphplinks
5
CVSSv2
CVE-2009-1624

Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter....

Dew-codeDew-newphplinks
5
CVSSv2
CVE-2004-1626

Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command....

Code-craftersAbility Server
7.5
CVSSv2
CVE-2004-1627

Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command....

Code-craftersAbility Server
5
CVSSv2
CVE-2010-1658

Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php....

Code-garageCom Noticeboard
6.8
CVSSv2
CVE-2016-1681

Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document....

6.9
CVSSv2
CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code....

4.6
CVSSv2
CVE-2018-9063

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as...

LenovoSystem Update
10
CVSSv2
CVE-2013-4495

The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub....