Search
Search Results (4354 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2024-08-06 | 7.2 High |
| PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | ||||
| CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2024-08-06 | 8.8 High |
| Local file inclusion in WebCalendar before 1.2.5. | ||||
| CVE-2012-0070 | 1 Spamdyke | 1 Spamdyke | 2024-08-06 | 7.5 High |
| spamdyke prior to 4.2.1: STARTTLS reveals plaintext | ||||
| CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2024-08-06 | 9.8 Critical |
| On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | ||||
| CVE-2013-7380 | 1 Ep Imageconvert Project | 1 Ep Imageconvert | 2024-08-06 | 9.8 Critical |
| The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | ||||
| CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2024-08-06 | 9.8 Critical |
| libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | ||||
| CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2024-08-06 | 9.8 Critical |
| scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | ||||
| CVE-2013-7324 | 1 Webkitgtk | 1 Webkitgtk | 2024-08-06 | 5.3 Medium |
| Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. | ||||
| CVE-2013-7070 | 1 Fibranet | 1 Monitorix | 2024-08-06 | 9.8 Critical |
| The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | ||||
| CVE-2013-6435 | 3 Debian, Redhat, Rpm | 5 Debian Linux, Enterprise Linux, Rhel Eus and 2 more | 2024-08-06 | N/A |
| Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | ||||
| CVE-2013-4578 | 2 Oracle, Redhat | 5 Jdk, Jre, Enterprise Linux and 2 more | 2024-08-06 | N/A |
| jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. | ||||
| CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2024-08-06 | 9.8 Critical |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | ||||
| CVE-2013-4318 | 1 Feature Project | 1 Feature | 2024-08-06 | 5.4 Medium |
| File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. | ||||
| CVE-2013-4144 | 1 Swfupload Project | 1 Swfupload | 2024-08-06 | 9.8 Critical |
| There is an object injection vulnerability in swfupload plugin for wordpress. | ||||