SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
Max CVSS
7.5
EPSS Score
0.10%
Published
2013-12-30
Updated
2013-12-31
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
Max CVSS
10.0
EPSS Score
0.76%
Published
2013-12-26
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp.
Max CVSS
7.5
EPSS Score
2.06%
Published
2013-12-24
Updated
2017-08-29
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.
Max CVSS
7.5
EPSS Score
0.24%
Published
2013-12-21
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
Max CVSS
7.5
EPSS Score
0.08%
Published
2013-12-21
Updated
2017-08-29
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
Max CVSS
7.5
EPSS Score
0.17%
Published
2013-12-20
Updated
2017-08-29
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-12-20
Updated
2017-08-29
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
Max CVSS
9.3
EPSS Score
28.32%
Published
2013-12-20
Updated
2017-08-29
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Max CVSS
7.5
EPSS Score
0.28%
Published
2013-12-28
Updated
2018-10-30
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS
9.3
EPSS Score
6.19%
Published
2013-12-19
Updated
2017-08-29
Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs."
Max CVSS
10.0
EPSS Score
0.38%
Published
2013-12-14
Updated
2013-12-20
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.
Max CVSS
9.0
EPSS Score
0.69%
Published
2013-12-14
Updated
2017-08-29
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.
Max CVSS
9.0
EPSS Score
0.69%
Published
2013-12-14
Updated
2017-08-29
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.48%
Published
2013-12-13
Updated
2018-12-10
The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue.
Max CVSS
10.0
EPSS Score
0.37%
Published
2013-12-13
Updated
2018-12-10
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.56%
Published
2013-12-13
Updated
2018-12-10
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
Max CVSS
7.5
EPSS Score
1.05%
Published
2013-12-19
Updated
2017-08-29
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
Max CVSS
8.3
EPSS Score
0.21%
Published
2013-12-10
Updated
2017-08-29
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
Max CVSS
7.8
EPSS Score
1.27%
Published
2013-12-19
Updated
2023-04-26
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
Max CVSS
7.5
EPSS Score
0.85%
Published
2013-12-31
Updated
2017-08-29
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2013-12-09
Updated
2013-12-11
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
Max CVSS
7.1
EPSS Score
1.03%
Published
2013-12-13
Updated
2014-01-04
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
Max CVSS
7.5
EPSS Score
0.11%
Published
2013-12-04
Updated
2014-02-25
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
Max CVSS
7.5
EPSS Score
0.19%
Published
2013-12-04
Updated
2017-08-29

CVE-2013-6935

Public exploit
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
Max CVSS
9.3
EPSS Score
88.31%
Published
2013-12-04
Updated
2016-12-08
1742 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!