Total
4913 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-6829 | 1 Pineapp | 1 Mail-secure | 2025-04-11 | N/A |
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. | ||||
CVE-2013-6865 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | N/A |
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989. | ||||
CVE-2010-2146 | 1 Graviton-mediatech | 1 Visitor Logger | 2025-04-11 | N/A |
PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. | ||||
CVE-2010-2137 | 1 Giaard | 1 Proman | 2025-04-11 | N/A |
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
CVE-2013-6824 | 1 Zabbix | 1 Zabbix | 2025-04-11 | N/A |
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. | ||||
CVE-2013-6866 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | N/A |
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689. | ||||
CVE-2013-7086 | 1 Webbynode | 1 Webbynode | 2025-04-11 | N/A |
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message. | ||||
CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 18 Ubuntu Linux, Fedora, Firefox and 15 more | 2025-04-11 | 9.8 Critical |
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||||
CVE-2013-6421 | 1 Projectsprouts | 1 Sprout | 2025-04-11 | N/A |
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path. | ||||
CVE-2010-2127 | 1 Jv2design | 1 Jv2 Folder Gallery | 2025-04-11 | N/A |
PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | ||||
CVE-2013-6427 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | N/A |
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. | ||||
CVE-2013-6795 | 1 Rackspace | 1 Openstack Windows Guest Agent | 2025-04-11 | N/A |
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary. | ||||
CVE-2013-6366 | 1 Vmware | 1 Hyperic Hq | 2025-04-11 | N/A |
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. | ||||
CVE-2013-6349 | 1 Mcafee | 1 Email Gateway | 2025-04-11 | N/A |
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
CVE-2013-6385 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors. | ||||
CVE-2010-2132 | 1 Danny Ho | 1 Oes | 2025-04-11 | N/A |
Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. | ||||
CVE-2010-2126 | 1 Snipegallery | 1 Snipe Gallery | 2025-04-11 | N/A |
Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php. | ||||
CVE-2010-2161 | 3 Adobe, Macromedia, Redhat | 4 Air, Flash Player, Flash Player and 1 more | 2025-04-11 | N/A |
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." | ||||
CVE-2013-6810 | 1 Emc | 1 Connectrix Manager | 2025-04-11 | N/A |
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file. | ||||
CVE-2013-5912 | 1 Thomsonreuters | 1 Velocity Analytics Vhayu Analytic Server | 2025-04-11 | N/A |
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action. |