Total: 27301 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | |||||
CVE-2013-7465 | 1 Icecoldapps | 1 Servers Ultimate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts. | |||||
CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | |||||
CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | |||||
CVE-2013-7380 | 1 Ep Imageconvert Project | 1 Ep Imageconvert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Etherpad Lite ep_imageconvert plugin has a remote command injection vulnerability. | |||||
CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | |||||
CVE-2013-7287 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme. | |||||
CVE-2013-7173 | 1 Belkin | 2 N750, N750 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Belkin n750 routers have a buffer overflow. | |||||
CVE-2013-7171 | 1 Slackware | 1 Slackware Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. | |||||
CVE-2013-7098 | 1 Infradead | 1 Openconnect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | |||||
CVE-2013-7088 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ClamAV before 0.97.7 has a buffer overflow in the libclamav component. | |||||
CVE-2013-7087 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ClamAV before 0.97.7 has WWPack heap memory corruption. | |||||
CVE-2013-7070 | 1 Fibranet | 1 Monitorix | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | |||||
CVE-2013-7055 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure | |||||
CVE-2013-7052 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
D-Link DIR-100 4.03B07 has a security bypass via an error in the cliget.cgi script. | |||||
CVE-2013-6792 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Google Android prior to 4.4 has an APK signature security bypass vulnerability. | |||||
CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Xerox ColorQube and WorkCentre devices in 2013 had hardcoded FTP and shell user accounts. | |||||
CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
PrestaShop 1.5.5 is vulnerable to privilege escalation via a Salesman account via the upload module. | |||||
CVE-2013-6276 | 1 Qnap | 10 Viocard-100, Viocard-100 Firmware, Viocard-30 and 7 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models. | |||||
CVE-2013-6236 | 1 Izoncam | 2 Izon Ip, Izon Ip Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
IZON IP 2.0.2 has a hard-coded password vulnerability. | |||||