8.7

CVSS4.0

CVE-2013-10039 - GestioIP 3.0 ip_checkhost.cgi RCE

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment…

📅 Published: July 31, 2025, 2:55 p.m. 🔄 Last Modified: July 31, 2025, 7:36 p.m.

9.3

CVSS4.0

CVE-2013-10042 - freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of s…

📅 Published: July 31, 2025, 2:55 p.m. 🔄 Last Modified: July 31, 2025, 7:36 p.m.

9.3

CVSS4.0

CVE-2013-10038 - FlashChat Arbitrary File Upload RCE

An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remot…

📅 Published: July 31, 2025, 2:54 p.m. 🔄 Last Modified: July 31, 2025, 7:36 p.m.

9.3

CVSS4.0

CVE-2012-10021 - D-Link DIR-605L Captcha Handling Buffer Overflow

A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin.…

📅 Published: July 31, 2025, 2:54 p.m. 🔄 Last Modified: July 31, 2025, 7:36 p.m.

10

CVSS4.0

CVE-2013-10040 - ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE

ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file…

📅 Published: July 31, 2025, 2:53 p.m. 🔄 Last Modified: July 31, 2025, 8:20 p.m.

8.4

CVSS4.0

CVE-2013-10036 - Beetel Connection Manager NetConfig.ini Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH),…

📅 Published: July 31, 2025, 2:53 p.m. 🔄 Last Modified: July 31, 2025, 8:20 p.m.

9.5

CVSS4.0

CVE-2013-10043 - Astium VOIP PBX <= 2.1 SQL Injection File Upload RCE

A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the impo…

📅 Published: July 31, 2025, 2:53 p.m. 🔄 Last Modified: July 31, 2025, 8:20 p.m.

10

CVSS4.0

CVE-2014-125121 - Array Networks vAPV and vxAG Default Credential Privilege Escalation

Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a h…

📅 Published: July 31, 2025, 2:52 p.m. 🔄 Last Modified: July 31, 2025, 8:37 p.m.

8.8

CVSS4.0

CVE-2014-125125 - A10 Networks AX Loadbalancer Path Traversal

A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit t…

📅 Published: July 31, 2025, 2:50 p.m. 🔄 Last Modified: July 31, 2025, 8:37 p.m.

6.9

CVSS4.0

CVE-2025-8407 - code-projects Vehicle Management filter2.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the argument from leads to sql injection. The attack may be initiated remotely. The exploit has been di…

📅 Published: July 31, 2025, 2:02 p.m. 🔄 Last Modified: Aug. 5, 2025, 8:45 p.m.