CVE-2014-1683

Public exploit
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
Max CVSS
6.8
EPSS Score
95.76%
Published
2014-01-29
Updated
2017-08-29

CVE-2014-1610

Public exploit
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
Max CVSS
6.0
EPSS Score
8.32%
Published
2014-01-30
Updated
2016-05-25

CVE-2014-0750

Public exploit
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
Max CVSS
7.5
EPSS Score
38.43%
Published
2014-01-25
Updated
2014-02-21

CVE-2014-0659

Public exploit
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
Max CVSS
10.0
EPSS Score
21.65%
Published
2014-01-12
Updated
2017-08-29

CVE-2013-7260

Public exploit
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
Max CVSS
7.5
EPSS Score
96.74%
Published
2014-01-03
Updated
2020-05-11

CVE-2013-6955

Public exploit
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
Max CVSS
10.0
EPSS Score
97.29%
Published
2014-01-09
Updated
2014-01-10

CVE-2013-6194

Public exploit
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
Max CVSS
10.0
EPSS Score
75.51%
Published
2014-01-04
Updated
2019-10-09

CVE-2013-5880

Public exploit
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Max CVSS
5.0
EPSS Score
89.15%
Published
2014-01-15
Updated
2014-02-07

CVE-2013-5877

Public exploit
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Max CVSS
5.0
EPSS Score
89.15%
Published
2014-01-15
Updated
2014-02-07

CVE-2013-5795

Public exploit
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
Max CVSS
5.0
EPSS Score
89.15%
Published
2014-01-15
Updated
2014-01-28

CVE-2013-5211

Public exploit
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Max CVSS
5.0
EPSS Score
96.63%
Published
2014-01-02
Updated
2023-11-01

CVE-2013-3482

Public exploit
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
Max CVSS
9.3
EPSS Score
89.24%
Published
2014-01-19
Updated
2014-01-21

CVE-2013-2827

Public exploit
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.
Max CVSS
7.5
EPSS Score
54.18%
Published
2014-01-15
Updated
2014-01-16

CVE-2013-2347

Public exploit
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
Max CVSS
10.0
EPSS Score
43.05%
Published
2014-01-04
Updated
2019-10-09

CVE-2013-2050

Public exploit
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
Max CVSS
7.5
EPSS Score
1.08%
Published
2014-01-11
Updated
2023-02-13

CVE-2012-5192

Public exploit
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.
Max CVSS
5.0
EPSS Score
4.17%
Published
2014-01-28
Updated
2014-02-21
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!