Vulnerabilities (CVE)

Filtered by CWE-74
Total 980 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7487 1 Swann 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.
CVE-2013-7381 1 Libnotify Project 1 Libnotify 2024-11-21 7.5 HIGH 9.8 CRITICAL
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
CVE-2013-7380 1 Ep Imageconvert Project 1 Ep Imageconvert 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability
CVE-2013-7378 1 Hubot Scripts Project 1 Hubot Scripts 2024-11-21 7.5 HIGH 9.8 CRITICAL
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.
CVE-2013-7324 1 Webkitgtk 1 Webkitgtk 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration.
CVE-2013-7070 1 Fibranet 1 Monitorix 2024-11-21 10.0 HIGH 9.8 CRITICAL
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.
CVE-2013-6501 2 Php, Suse 2 Php, Linux Enterprise Server 2024-11-21 4.6 MEDIUM N/A
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.
CVE-2013-6435 2 Debian, Rpm 2 Debian Linux, Rpm 2024-11-21 7.6 HIGH N/A
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
CVE-2013-4578 1 Oracle 2 Jdk, Jre 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
CVE-2013-4486 2 Linux, Redhat 2 Linux Kernel, Zanata 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging
CVE-2013-4318 1 Feature Project 1 Feature 2024-11-21 3.5 LOW 5.4 MEDIUM
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.
CVE-2013-4144 1 Swfupload Project 1 Swfupload 2024-11-21 7.5 HIGH 9.8 CRITICAL
There is an object injection vulnerability in swfupload plugin for wordpress.
CVE-2013-3628 1 Zabbix 1 Zabbix 2024-11-21 6.5 MEDIUM 8.8 HIGH
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
CVE-2013-3214 1 Vtiger 1 Vtiger Crm 2024-11-21 7.5 HIGH 9.8 CRITICAL
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVE-2013-3212 1 Vtiger 1 Vtiger Crm 2024-11-21 6.8 MEDIUM 8.1 HIGH
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
CVE-2013-2678 1 Cisco 2 Linksys E4200, Linksys E4200 Firmware 2024-11-21 6.8 MEDIUM 8.1 HIGH
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
CVE-2013-2251 5 Apache, Fujitsu, Microsoft and 2 more 21 Archiva, Struts, Gp-s and 18 more 2024-11-21 9.3 HIGH 9.8 CRITICAL
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVE-2013-2095 1 Openshift-origin-controller Project 1 Openshift-origin-controller 2024-11-21 7.5 HIGH 9.8 CRITICAL
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection
CVE-2013-2010 2 Automattic, Boldgrid 2 Wp Super Cache, W3 Total Cache 2024-11-21 7.5 HIGH 9.8 CRITICAL
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVE-2013-1437 2 Fedoraproject, Module-metadata Project 2 Fedora, Module-metadata 2024-11-21 7.5 HIGH 9.8 CRITICAL
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.