CVEs from 2013
Total
5,687
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1311 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer… | |||
| CVE-2013-1309 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Intern… | |||
| CVE-2013-1306 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer… | |||
| CVE-2013-0946 | critical | — | 10.0 | 13y ago | Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. | |||
| CVE-2013-0726 | critical | — | 10.0 | 13y ago | Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathn… | |||
| CVE-2013-3075 | critical | — | 10.0 | 13y ago | Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code … | |||
| CVE-2013-1080 | critical | — | 10.0 | 13y ago | The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to cond… | |||
| CVE-2013-1488 | critical | — | 10.0 | 13y ago | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflec… | |||
| CVE-2013-1493 | critical | — | 10.0 | 13y ago | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbit… | |||
| CVE-2013-0804 | critical | — | 10.0 | 14y ago | The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecif… | |||
| CVE-2013-0658 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. | |||
| CVE-2013-0025 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer… | |||
| CVE-2013-0019 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Intern… | |||
| CVE-2013-1465 | critical | 9.8 | 10.0 | 14y ago | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrat… | |||
| CVE-2013-1638 | critical | — | 10.0 | 14y ago | Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. | |||
| CVE-2013-0634 | critical | — | 10.0 | 14y ago | Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and be… | |||
| CVE-2013-0633 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android … | |||
| CVE-2013-0230 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quot… | |||
| CVE-2013-0928 | critical | — | 10.0 | 14y ago | The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | |||
| CVE-2013-0657 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does n… | |||
| CVE-2013-0758 | critical | — | 10.0 | 14y ago | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 a… | |||
| CVE-2013-0757 | critical | — | 10.0 | 14y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15… | |||
| CVE-2013-0753 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird… | |||
| CVE-2013-10050 | high | 8.8 | 9.8 | 10mo ago | An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface … | |||
| CVE-2013-3632 | high | 8.8 | 9.8 | 12y ago | The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | |||
| CVE-2013-6271 | high | — | 9.8 | 13y ago | Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.androi… | |||
| CVE-2013-3543 | high | — | 9.8 | 13y ago | The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) Sta… | |||
| CVE-2013-0090 | high | 8.8 | 9.8 | 13y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Intern… | |||
| CVE-2013-1668 | high | — | 9.5 | 12y ago | The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. | |||
| CVE-2013-5948 | high | — | 9.5 | 12y ago | The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary comm… | |||
| CVE-2013-3365 | high | — | 9.5 | 13y ago | TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/manageme… | |||
| CVE-2013-4987 | high | — | 9.5 | 13y ago | PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. | |||
| CVE-2013-6027 | high | — | 9.5 | 13y ago | Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/r… | |||
| CVE-2013-5692 | high | — | 9.5 | 13y ago | Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to inde… | |||
| CVE-2013-0526 | high | — | 9.5 | 13y ago | ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary comma… | |||
| CVE-2013-0136 | high | — | 9.5 | 13y ago | Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi… | |||
| CVE-2013-7179 | high | — | 9.3 | 13y ago | The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. | |||
| CVE-2013-7043 | high | — | 9.3 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of adminis… | |||
| CVE-2013-1616 | high | — | 9.3 | 13y ago | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | |||
| CVE-2013-6040 | high | 8.1 | 9.1 | 13y ago | MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX … | |||
| CVE-2013-0810 | high | 8.1 | 9.1 | 13y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, a… | |||
| CVE-2013-2115 | high | 8.1 | 9.1 | 13y ago | Code injection in Apache Struts | |||
| CVE-2013-1612 | high | — | 8.9 | 13y ago | Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.… | |||
| CVE-2013-0140 | high | — | 8.9 | 13y ago | SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a cra… | |||
| CVE-2013-7183 | high | — | 8.8 | 13y ago | cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_… | |||
| CVE-2013-4776 | high | — | 8.8 | 13y ago | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted H… | |||
| CVE-2013-4775 | high | — | 8.8 | 13y ago | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.… | |||
| CVE-2013-6023 | high | — | 8.8 | 13y ago | Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. | |||
| CVE-2013-3687 | high | — | 8.8 | 13y ago | AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwo… | |||
| CVE-2013-2581 | high | — | 8.8 | 13y ago | cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the fir… | |||
| CVE-2013-3541 | high | — | 8.8 | 13y ago | Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePa… | |||
| CVE-2013-3615 | high | — | 8.8 | 13y ago | Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. | |||
| CVE-2013-3613 | high | — | 8.8 | 13y ago | Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | |||
| CVE-2013-3431 | high | — | 8.8 | 13y ago | Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and … | |||
| CVE-2013-3429 | high | — | 8.8 | 13y ago | Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broa… | |||
| CVE-2013-4890 | high | — | 8.8 | 13y ago | The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. | |||
| CVE-2013-2784 | high | — | 8.8 | 13y ago | Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to c… | |||
| CVE-2013-4631 | high | — | 8.8 | 13y ago | Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified ov… | |||
| CVE-2013-3574 | high | — | 8.8 | 13y ago | Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full path… | |||
| CVE-2013-2560 | high | — | 8.8 | 13y ago | Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated… | |||
| CVE-2013-1627 | high | — | 8.8 | 13y ago | Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in… | |||
| CVE-2013-0229 | high | — | 8.8 | 14y ago | The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that trig… | |||
| CVE-2013-2271 | high | — | 8.6 | 13y ago | The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.c… | |||
| CVE-2013-3586 | high | — | 8.6 | 13y ago | Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | |||
| CVE-2013-4630 | high | — | 8.6 | 13y ago | Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. | |||
| CVE-2013-1468 | high | — | 8.6 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create … | |||
| CVE-2013-7420 | high | — | 8.5 | 12y ago | Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file. | |||
| CVE-2013-6227 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by u… | |||
| CVE-2013-6041 | high | — | 8.5 | 12y ago | index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. | |||
| CVE-2013-7409 | high | — | 8.5 | 12y ago | Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. | |||
| CVE-2013-1436 | high | — | 8.5 | 12y ago | The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the… | |||
| CVE-2013-7392 | high | — | 8.5 | 12y ago | Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | |||
| CVE-2013-6117 | high | — | 8.5 | 12y ago | Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perfo… | |||
| CVE-2013-3081 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-F… | |||
| CVE-2013-1412 | high | — | 8.5 | 12y ago | DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | |||
| CVE-2013-5036 | high | — | 8.5 | 12y ago | The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap functi… | |||
| CVE-2013-6765 | high | — | 8.5 | 12y ago | OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information,… | |||
| CVE-2013-2226 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) fi… | |||
| CVE-2013-7375 | high | — | 8.5 | 12y ago | SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie… | |||
| CVE-2013-1803 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated us… | |||
| CVE-2013-4694 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a lo… | |||
| CVE-2013-3213 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to so… | |||
| CVE-2013-7349 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.ph… | |||
| CVE-2013-5640 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id param… | |||
| CVE-2013-1605 | high | — | 8.5 | 12y ago | Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request. | |||
| CVE-2013-3727 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged us… | |||
| CVE-2013-5117 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid… | |||
| CVE-2013-5639 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie. | |||
| CVE-2013-2498 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username p… | |||
| CVE-2013-5014 | high | — | 8.5 | 13y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1… | |||
| CVE-2013-3294 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php. | |||
| CVE-2013-1852 | high | — | 8.5 | 13y ago | SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the le… | |||
| CVE-2013-7219 | high | — | 8.5 | 13y ago | SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] pa… | |||
| CVE-2013-2594 | high | — | 8.5 | 13y ago | SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter. | |||
| CVE-2013-2827 | high | — | 8.5 | 13y ago | An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client mach… | |||
| CVE-2013-2050 | high | — | 8.5 | 13y ago | SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authentica… | |||
| CVE-2013-7139 | high | — | 8.5 | 13y ago | SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2013-7278 | high | — | 8.5 | 13y ago | SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. | |||
| CVE-2013-7260 | high | — | 8.5 | 13y ago | Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) ve… | |||
| CVE-2013-6987 | high | — | 8.5 | 13y ago | Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary f… |