CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2011-10011 – WeBid 1.0.2 converter.php Remote PHP Code Injection
https://notcve.org/view.php?id=CVE-2011-10011
13 Aug 2025 — WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application. • https://www.vulncheck.com/advisories/webid-remote-php-code-injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2012-10054 – Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE
https://notcve.org/view.php?id=CVE-2012-10054
13 Aug 2025 — Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely. • https://www.vulncheck.com/advisories/umbraco-cms-rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2011-10013 – Traq 2.0–2.3 admincp/common.php RCE
https://notcve.org/view.php?id=CVE-2011-10013
13 Aug 2025 — Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. ... This can be exploited via plugins.php to inject and execute arbitrary PHP code. • https://www.vulncheck.com/advisories/traq-issue-tracking-system-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2012-10060 – Sysax Multi Server < 5.55 SSH Username Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-10060
13 Aug 2025 — This allows remote code execution under the context of the service. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ssh/sysax_ssh_username.rb • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2011-10019 – Spreecommerce < 0.60.2 Search Parameter RCE
https://notcve.org/view.php?id=CVE-2011-10019
13 Aug 2025 — This allows attackers to execute arbitrary shell commands on the server without authentication. • https://www.vulncheck.com/advisories/spreecommerce-search-parameter-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2011-10017 – Snort Report nmap.php/nbtscan.php RCE
https://notcve.org/view.php?id=CVE-2011-10017
13 Aug 2025 — These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. • https://www.vulncheck.com/advisories/snort-report-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 4CVE-2011-10010 – QuickShare File Server 1.2.1 Path Traversal RCE
https://notcve.org/view.php?id=CVE-2011-10010
13 Aug 2025 — When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement. • https://www.vulncheck.com/advisories/quickshare-file-server-path-traversal-rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 3CVE-2011-10012 – NetOp Remote Control Client 9.5 .dws File Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-10012
13 Aug 2025 — If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/netop.rb • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2011-10018 – myBB 1.6.4 Backdoor Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2011-10018
13 Aug 2025 — myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. • https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-912: Hidden Functionality •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2011-10014 – GTA SA-MP server.cfg Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-10014
13 Aug 2025 — The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/gta_samp.rb • CWE-121: Stack-based Buffer Overflow •