Total
18198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1465 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 9.8 Critical |
| The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object. | ||||
| CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2024-11-21 | 9.8 Critical |
| Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | ||||
| CVE-2013-1401 | 1 Cardozatechnologies | 1 Wordpress Poll | 2024-11-21 | 9.8 Critical |
| Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll. | ||||
| CVE-2013-1400 | 1 Cardozatechnologies | 1 Wordpress Poll | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. | ||||
| CVE-2013-1360 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2024-11-21 | 9.8 Critical |
| An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. | ||||
| CVE-2013-1359 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2024-11-21 | 9.8 Critical |
| An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. | ||||
| CVE-2013-1350 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 9.1 Critical |
| Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities | ||||
| CVE-2013-0803 | 1 Polarbear Cms Project | 1 Polarbear Cms | 2024-11-21 | 9.8 Critical |
| A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code. | ||||
| CVE-2013-0022 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2024-11-21 | 9 Critical |
| Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." | ||||
| CVE-2012-6712 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | ||||
| CVE-2012-6664 | 2024-11-21 | 9.1 Critical | ||
| Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. | ||||
| CVE-2012-6649 | 1 Devfarm | 1 Wp Gpx Maps | 2024-11-21 | 9.8 Critical |
| WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload. | ||||
| CVE-2012-6611 | 1 Polycom | 12 Hdx 4002, Hdx 4500, Hdx 6000 and 9 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password. | ||||
| CVE-2012-6451 | 1 Lorextechnology | 4 Lnc104, Lnc104 Firmware, Lnc116 and 1 more | 2024-11-21 | 9.8 Critical |
| Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | ||||
| CVE-2012-6306 | 1 Hcview Project | 1 Hcview | 2024-11-21 | 9.8 Critical |
| A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. | ||||
| CVE-2012-6125 | 1 Call-cc | 1 Chicken | 2024-11-21 | 9.8 Critical |
| Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | ||||
| CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-11-21 | 9.8 Critical |
| cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | ||||
| CVE-2012-5878 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2024-11-21 | 9.8 Critical |
| Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl. | ||||
| CVE-2012-5872 | 1 Arc2 Project | 1 Arc2 | 2024-11-21 | 9.8 Critical |
| ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. | ||||
| CVE-2012-5867 | 1 Ht Editor Project | 1 Ht Editor | 2024-11-21 | 9.8 Critical |
| HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability | ||||