CVEs from 2013
Total
5,687
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-10050 | high | 8.8 | 9.8 | 10mo ago | An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface … | |||
| CVE-2013-3632 | high | 8.8 | 9.8 | 12y ago | The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | |||
| CVE-2013-6271 | high | — | 9.8 | 13y ago | Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.androi… | |||
| CVE-2013-3543 | high | — | 9.8 | 13y ago | The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) Sta… | |||
| CVE-2013-0090 | high | 8.8 | 9.8 | 13y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Intern… | |||
| CVE-2013-1668 | high | — | 9.5 | 12y ago | The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. | |||
| CVE-2013-5948 | high | — | 9.5 | 12y ago | The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary comm… | |||
| CVE-2013-3365 | high | — | 9.5 | 13y ago | TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/manageme… | |||
| CVE-2013-4987 | high | — | 9.5 | 13y ago | PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. | |||
| CVE-2013-6027 | high | — | 9.5 | 13y ago | Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/r… | |||
| CVE-2013-5692 | high | — | 9.5 | 13y ago | Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to inde… | |||
| CVE-2013-0526 | high | — | 9.5 | 13y ago | ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary comma… | |||
| CVE-2013-0136 | high | — | 9.5 | 13y ago | Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi… | |||
| CVE-2013-7179 | high | — | 9.3 | 13y ago | The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. | |||
| CVE-2013-7043 | high | — | 9.3 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of adminis… | |||
| CVE-2013-1616 | high | — | 9.3 | 13y ago | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | |||
| CVE-2013-6040 | high | 8.1 | 9.1 | 13y ago | MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX … | |||
| CVE-2013-0810 | high | 8.1 | 9.1 | 13y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, a… | |||
| CVE-2013-2115 | high | 8.1 | 9.1 | 13y ago | Code injection in Apache Struts | |||
| CVE-2013-1612 | high | — | 8.9 | 13y ago | Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.… | |||
| CVE-2013-0140 | high | — | 8.9 | 13y ago | SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a cra… | |||
| CVE-2013-7183 | high | — | 8.8 | 13y ago | cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_… | |||
| CVE-2013-4776 | high | — | 8.8 | 13y ago | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted H… | |||
| CVE-2013-4775 | high | — | 8.8 | 13y ago | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.… | |||
| CVE-2013-6023 | high | — | 8.8 | 13y ago | Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. | |||
| CVE-2013-3687 | high | — | 8.8 | 13y ago | AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwo… | |||
| CVE-2013-2581 | high | — | 8.8 | 13y ago | cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the fir… | |||
| CVE-2013-3541 | high | — | 8.8 | 13y ago | Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePa… | |||
| CVE-2013-3615 | high | — | 8.8 | 13y ago | Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. | |||
| CVE-2013-3613 | high | — | 8.8 | 13y ago | Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | |||
| CVE-2013-3431 | high | — | 8.8 | 13y ago | Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and … | |||
| CVE-2013-3429 | high | — | 8.8 | 13y ago | Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broa… | |||
| CVE-2013-4890 | high | — | 8.8 | 13y ago | The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. | |||
| CVE-2013-2784 | high | — | 8.8 | 13y ago | Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to c… | |||
| CVE-2013-4631 | high | — | 8.8 | 13y ago | Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified ov… | |||
| CVE-2013-3574 | high | — | 8.8 | 13y ago | Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full path… | |||
| CVE-2013-2560 | high | — | 8.8 | 13y ago | Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated… | |||
| CVE-2013-1627 | high | — | 8.8 | 13y ago | Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in… | |||
| CVE-2013-0229 | high | — | 8.8 | 14y ago | The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that trig… | |||
| CVE-2013-2271 | high | — | 8.6 | 13y ago | The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.c… | |||
| CVE-2013-3586 | high | — | 8.6 | 13y ago | Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | |||
| CVE-2013-4630 | high | — | 8.6 | 13y ago | Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. | |||
| CVE-2013-1468 | high | — | 8.6 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create … | |||
| CVE-2013-7420 | high | — | 8.5 | 12y ago | Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file. | |||
| CVE-2013-6227 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by u… | |||
| CVE-2013-6041 | high | — | 8.5 | 12y ago | index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. | |||
| CVE-2013-7409 | high | — | 8.5 | 12y ago | Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. | |||
| CVE-2013-1436 | high | — | 8.5 | 12y ago | The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the… | |||
| CVE-2013-7392 | high | — | 8.5 | 12y ago | Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | |||
| CVE-2013-6117 | high | — | 8.5 | 12y ago | Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perfo… | |||
| CVE-2013-3081 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-F… | |||
| CVE-2013-1412 | high | — | 8.5 | 12y ago | DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | |||
| CVE-2013-5036 | high | — | 8.5 | 12y ago | The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap functi… | |||
| CVE-2013-6765 | high | — | 8.5 | 12y ago | OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information,… | |||
| CVE-2013-2226 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) fi… | |||
| CVE-2013-7375 | high | — | 8.5 | 12y ago | SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie… | |||
| CVE-2013-1803 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated us… | |||
| CVE-2013-4694 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a lo… | |||
| CVE-2013-3213 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to so… | |||
| CVE-2013-7349 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.ph… | |||
| CVE-2013-5640 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id param… | |||
| CVE-2013-1605 | high | — | 8.5 | 12y ago | Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request. | |||
| CVE-2013-3727 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged us… | |||
| CVE-2013-5117 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid… | |||
| CVE-2013-5639 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie. | |||
| CVE-2013-2498 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username p… | |||
| CVE-2013-5014 | high | — | 8.5 | 13y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1… | |||
| CVE-2013-3294 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php. | |||
| CVE-2013-1852 | high | — | 8.5 | 13y ago | SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the le… | |||
| CVE-2013-7219 | high | — | 8.5 | 13y ago | SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] pa… | |||
| CVE-2013-2594 | high | — | 8.5 | 13y ago | SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter. | |||
| CVE-2013-2827 | high | — | 8.5 | 13y ago | An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client mach… | |||
| CVE-2013-2050 | high | — | 8.5 | 13y ago | SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authentica… | |||
| CVE-2013-7139 | high | — | 8.5 | 13y ago | SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2013-7278 | high | — | 8.5 | 13y ago | SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. | |||
| CVE-2013-7260 | high | — | 8.5 | 13y ago | Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) ve… | |||
| CVE-2013-6987 | high | — | 8.5 | 13y ago | Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary f… | |||
| CVE-2013-7193 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID … | |||
| CVE-2013-7192 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, o… | |||
| CVE-2013-2627 | high | — | 8.5 | 13y ago | SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action. | |||
| CVE-2013-7189 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) c… | |||
| CVE-2013-7187 | high | — | 8.5 | 13y ago | SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2013-6420 | high | — | 8.5 | 13y ago | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 … | |||
| CVE-2013-6839 | high | — | 8.5 | 13y ago | SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. | |||
| CVE-2013-6985 | high | — | 8.5 | 13y ago | SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter. | |||
| CVE-2013-1349 | high | — | 8.5 | 13y ago | Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. | |||
| CVE-2013-6341 | high | — | 8.5 | 13y ago | SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | |||
| CVE-2013-6936 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) too… | |||
| CVE-2013-6875 | high | — | 8.5 | 13y ago | SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parame… | |||
| CVE-2013-6873 | high | — | 8.5 | 13y ago | SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter. | |||
| CVE-2013-4547 | high | — | 8.5 | 13y ago | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | |||
| CVE-2013-6830 | high | — | 8.5 | 13y ago | admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parame… | |||
| CVE-2013-6829 | high | — | 8.5 | 13y ago | admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. | |||
| CVE-2013-4557 | high | — | 8.5 | 13y ago | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. | |||
| CVE-2013-6164 | high | — | 8.5 | 13y ago | SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter. | |||
| CVE-2013-6058 | high | — | 8.5 | 13y ago | SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | |||
| CVE-2013-5694 | high | — | 8.5 | 13y ago | SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter. | |||
| CVE-2013-4835 | high | — | 8.5 | 13y ago | The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd me… | |||
| CVE-2013-6283 | high | — | 8.5 | 13y ago | VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. | |||
| CVE-2013-6129 | high | — | 8.5 | 13y ago | The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] … |