Total
2019 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3212 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. | |||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter. | |||||
| CVE-2013-2095 | 1 Openshift-origin-controller Project | 1 Openshift-origin-controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection | |||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | |||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
| CVE-2012-2931 | 1 Tinywebgallery | 1 Tinywebgallery | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | |||||
| CVE-2012-1496 | 1 Webcalendar Project | 1 Webcalendar | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Local file inclusion in WebCalendar before 1.2.5. | |||||
| CVE-2012-1495 | 1 Webcalendar Project | 1 Webcalendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. | |||||
| CVE-2012-0070 | 1 Spamdyke | 1 Spamdyke | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| spamdyke prior to 4.2.1: STARTTLS reveals plaintext | |||||
| CVE-2011-4558 | 1 Tiki | 1 Tiki | 2024-11-21 | 6.0 MEDIUM | 7.2 HIGH |
| Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | |||||
| CVE-2011-3624 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | |||||
| CVE-2011-2717 | 2 Linux, Redhat | 2 Dhcp6c, Enterprise Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | |||||
| CVE-2011-2538 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. | |||||
| CVE-2010-4658 | 1 Status | 1 Statusnet | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | |||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | |||||
| CVE-2010-3668 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | |||||
| CVE-2005-3056 | 1 Twiki | 1 Twiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TWiki allows arbitrary shell command execution via the Include function | |||||
| CVE-2024-11241 | 1 Anisha | 1 Job Recruitment | 2024-11-20 | 7.5 HIGH | 7.5 HIGH |
| A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11244 | 1 Anisha | 1 Farmacia | 2024-11-20 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11245 | 1 Anisha | 1 Farmacia | 2024-11-20 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||