Total
1501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6501 | 2 Php, Suse | 2 Php, Linux Enterprise Server | 2024-11-21 | N/A |
| The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | ||||
| CVE-2013-6435 | 3 Debian, Redhat, Rpm | 5 Debian Linux, Enterprise Linux, Rhel Eus and 2 more | 2024-11-21 | N/A |
| Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | ||||
| CVE-2013-4578 | 2 Oracle, Redhat | 5 Jdk, Jre, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. | ||||
| CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2024-11-21 | 9.8 Critical |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | ||||
| CVE-2013-4318 | 1 Feature Project | 1 Feature | 2024-11-21 | 5.4 Medium |
| File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. | ||||
| CVE-2013-4144 | 1 Swfupload Project | 1 Swfupload | 2024-11-21 | 9.8 Critical |
| There is an object injection vulnerability in swfupload plugin for wordpress. | ||||
| CVE-2013-3628 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 8.8 High |
| Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | ||||
| CVE-2013-3214 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 9.8 Critical |
| vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | ||||
| CVE-2013-3212 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.1 High |
| vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | ||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 8.1 High |
| Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | ||||
| CVE-2013-2095 | 1 Openshift-origin-controller Project | 1 Openshift-origin-controller | 2024-11-21 | 9.8 Critical |
| rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection | ||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2024-11-21 | 9.8 Critical |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | ||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2024-11-21 | 9.8 Critical |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | ||||
| CVE-2012-4196 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Seamonkey and 11 more | 2024-11-21 | N/A |
| Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||||
| CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2024-11-21 | 7.2 High |
| PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | ||||
| CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2024-11-21 | 8.8 High |
| Local file inclusion in WebCalendar before 1.2.5. | ||||
| CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2024-11-21 | 9.8 Critical |
| install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | ||||
| CVE-2012-0070 | 1 Spamdyke | 1 Spamdyke | 2024-11-21 | 7.5 High |
| spamdyke prior to 4.2.1: STARTTLS reveals plaintext | ||||
| CVE-2011-4558 | 1 Tiki | 1 Tiki | 2024-11-21 | 7.2 High |
| Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | ||||
| CVE-2011-3624 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 5.3 Medium |
| Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | ||||