Vulnerabilities (CVE)

Filtered by CWE-94
Total 6495 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0248 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Web Framework Kit 2026-06-17 6.8 MEDIUM N/A
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.
CVE-2014-0233 1 Redhat 1 Openshift 2026-06-17 6.5 MEDIUM N/A
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.
CVE-2014-0111 1 Apache 1 Syncope 2026-06-17 6.5 MEDIUM N/A
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
CVE-2014-0057 1 Redhat 2 Cloudforms, Cloudforms 3.0 Management Engine 2026-06-17 7.5 HIGH N/A
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
CVE-2013-7468 1 Simplemachines 1 Simple Machines Forum 2026-06-17 6.8 MEDIUM 8.1 HIGH
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
CVE-2013-7394 1 Splunk 1 Splunk 2026-06-17 9.0 HIGH N/A
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
CVE-2013-7362 1 Sap 1 Ccms Agent 2026-06-17 7.5 HIGH N/A
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2013-7284 1 Malcolm Nooning 1 Pirpc 2026-06-17 6.8 MEDIUM N/A
The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
CVE-2013-7086 1 Webbynode 1 Webbynode 2026-06-17 7.5 HIGH N/A
The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
CVE-2013-7069 1 Beyondgrep 1 Ack 2026-06-17 6.8 MEDIUM N/A
ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.
CVE-2013-7050 1 Devscripts Devel Team 1 Devscripts 2026-06-17 6.8 MEDIUM N/A
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
CVE-2013-7034 1 Livezilla 1 Livezilla 2026-06-17 7.5 HIGH N/A
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
CVE-2013-6948 1 Belkin 1 Wemo Home Automation Firmware 2026-06-17 7.8 HIGH N/A
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-6943 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2026-06-17 5.0 MEDIUM N/A
Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.
CVE-2013-6866 1 Sybase 1 Adaptive Server Enterprise 2026-06-17 9.0 HIGH N/A
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.
CVE-2013-6865 1 Sybase 1 Adaptive Server Enterprise 2026-06-17 9.0 HIGH N/A
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.
CVE-2013-6830 1 Pineapp 1 Mail-secure 5099sk 2026-06-17 7.5 HIGH N/A
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
CVE-2013-6829 1 Pineapp 1 Mail-secure 2026-06-17 7.5 HIGH N/A
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
CVE-2013-6824 1 Zabbix 1 Zabbix 2026-06-17 7.5 HIGH N/A
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
CVE-2013-6810 1 Emc 1 Connectrix Manager 2026-06-17 10.0 HIGH N/A
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.