CVE-2010-5299

Public exploit
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.
Max CVSS
6.8
EPSS Score
72.66%
Published
2014-05-23
Updated
2014-06-30

CVE-2011-4722

Public exploit
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
Max CVSS
7.8
EPSS Score
9.38%
Published
2014-12-28
Updated
2017-08-29

CVE-2012-0270

Public exploit
Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.
Max CVSS
7.5
EPSS Score
95.05%
Published
2014-02-17
Updated
2014-02-18

CVE-2012-0938

Public exploit
Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information.
Max CVSS
6.5
EPSS Score
0.81%
Published
2014-08-14
Updated
2017-08-29

CVE-2012-4915

Public exploit
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Max CVSS
5.0
EPSS Score
93.16%
Published
2014-05-29
Updated
2017-08-29

CVE-2012-5192

Public exploit
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.
Max CVSS
5.0
EPSS Score
4.17%
Published
2014-01-28
Updated
2014-02-21

CVE-2012-6636

Public exploit
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
Max CVSS
6.8
EPSS Score
4.06%
Published
2014-03-03
Updated
2020-07-28

CVE-2013-1412

Public exploit
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
Max CVSS
7.5
EPSS Score
97.02%
Published
2014-06-02
Updated
2014-06-03

CVE-2013-2050

Public exploit
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
Max CVSS
7.5
EPSS Score
1.08%
Published
2014-01-11
Updated
2023-02-13

CVE-2013-2143

Public exploit
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Max CVSS
6.5
EPSS Score
72.72%
Published
2014-04-17
Updated
2021-07-16

CVE-2013-2347

Public exploit
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
Max CVSS
10.0
EPSS Score
43.05%
Published
2014-01-04
Updated
2019-10-09

CVE-2013-2641

Public exploit
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
Max CVSS
5.0
EPSS Score
92.07%
Published
2014-03-18
Updated
2014-03-19

CVE-2013-2827

Public exploit
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.
Max CVSS
7.5
EPSS Score
54.18%
Published
2014-01-15
Updated
2014-01-16

CVE-2013-3482

Public exploit
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
Max CVSS
9.3
EPSS Score
89.24%
Published
2014-01-19
Updated
2014-01-21

CVE-2013-3632

Public exploit
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
Max CVSS
9.0
EPSS Score
82.79%
Published
2014-09-29
Updated
2014-09-30

CVE-2013-3843

Public exploit
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
Max CVSS
6.8
EPSS Score
35.87%
Published
2014-06-13
Updated
2020-03-26

CVE-2013-3928

Public exploit
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.
Max CVSS
9.3
EPSS Score
95.22%
Published
2014-03-11
Updated
2017-08-29

CVE-2013-3975

Public exploit
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-05-26
Updated
2017-08-29

CVE-2013-3977

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
Max CVSS
4.3
EPSS Score
0.57%
Published
2014-05-26
Updated
2017-08-29

CVE-2013-3982

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-05-26
Updated
2017-08-29

CVE-2013-4467

Public exploit
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
Max CVSS
6.5
EPSS Score
63.48%
Published
2014-03-11
Updated
2014-05-20

CVE-2013-4468

Public exploit
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
Max CVSS
6.5
EPSS Score
33.77%
Published
2014-05-14
Updated
2014-05-15

CVE-2013-4490

Public exploit
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Max CVSS
6.5
EPSS Score
19.97%
Published
2014-05-13
Updated
2014-05-14

CVE-2013-4710

Public exploit
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Max CVSS
9.3
EPSS Score
3.58%
Published
2014-03-03
Updated
2014-03-10

CVE-2013-4730

Public exploit
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
Max CVSS
10.0
EPSS Score
76.59%
Published
2014-05-15
Updated
2016-12-31
161 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!