CVEs from 2013
- Total: 5,694
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1672 | medium | — | 6.9 | 13y ago | The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypa… | |||
| CVE-2013-1979 | medium | — | 6.9 | 13y ago | The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafte… | |||
| CVE-2013-0727 | medium | — | 6.9 | 13y ago | Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, … | |||
| CVE-2013-2439 | medium | — | 6.9 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier a… | |||
| CVE-2013-1293 | medium | — | 6.9 | 13y ago | The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NUL… | |||
| CVE-2013-1283 | medium | — | 6.9 | 13y ago | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP… | |||
| CVE-2013-0797 | medium | — | 6.9 | 13y ago | Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey… | |||
| CVE-2013-1860 | medium | — | 6.9 | 13y ago | Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system c… | |||
| CVE-2013-1495 | medium | — | 6.9 | 13y ago | asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp. | |||
| CVE-2013-2566 | medium | 5.9 | 6.9 | 13y ago | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis… | |||
| CVE-2013-1423 | medium | — | 6.9 | 13y ago | (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump… | |||
| CVE-2013-0871 | medium | — | 6.9 | 14y ago | Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by … | |||
| CVE-2013-0430 | medium | — | 6.9 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and a… | |||
| CVE-2013-0340 | medium | — | 6.8 | 4y ago | RHSA-2025:21776: expat security update (Important) | |||
| CVE-2013-1633 | medium | — | 6.8 | 4y ago | easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to e… | |||
| CVE-2013-1865 | medium | — | 6.8 | 4y ago | OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions… | |||
| CVE-2013-4200 | medium | — | 6.8 | 4y ago | The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows … | |||
| CVE-2013-7407 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-3089 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configur… | |||
| CVE-2013-3086 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration… | |||
| CVE-2013-3068 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and… | |||
| CVE-2013-3064 | medium | — | 6.8 | 12y ago | Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | |||
| CVE-2013-4444 | medium | — | 6.8 | 12y ago | Apache Tomcat Unrestricted file upload vulnerability | |||
| CVE-2013-6691 | medium | — | 6.8 | 12y ago | The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list,… | |||
| CVE-2013-5353 | medium | — | 6.8 | 12y ago | Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with… | |||
| CVE-2013-5352 | medium | — | 6.8 | 12y ago | Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to servic… | |||
| CVE-2013-2182 | medium | — | 6.8 | 12y ago | The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. | |||
| CVE-2013-3476 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change… | |||
| CVE-2013-3258 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via u… | |||
| CVE-2013-3257 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings … | |||
| CVE-2013-2710 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2013-3477 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for request… | |||
| CVE-2013-2698 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry … | |||
| CVE-2013-7385 | medium | — | 6.8 | 12y ago | LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive… | |||
| CVE-2013-6807 | medium | — | 6.8 | 12y ago | The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obta… | |||
| CVE-2013-6806 | medium | — | 6.8 | 12y ago | OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downg… | |||
| CVE-2013-7379 | medium | — | 6.8 | 12y ago | API Admin Auth Weakness in tomato | |||
| CVE-2013-2700 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administra… | |||
| CVE-2013-2034 | medium | — | 6.8 | 12y ago | Jenkins Cross-Site Request Forgery vulnerabilities | |||
| CVE-2013-2705 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for… | |||
| CVE-2013-2692 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests th… | |||
| CVE-2013-4581 | medium | — | 6.8 | 12y ago | GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. | |||
| CVE-2013-4580 | medium | — | 6.8 | 12y ago | GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication … | |||
| CVE-2013-7302 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote at… | |||
| CVE-2013-7284 | medium | — | 6.8 | 12y ago | The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it … | |||
| CVE-2013-7259 | medium | — | 6.8 | 12y ago | Neo4J vulnerable to Cross-Site Request Forgery | |||
| CVE-2013-4726 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authen… | |||
| CVE-2013-4565 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt… | |||
| CVE-2013-6369 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary… | |||
| CVE-2013-2708 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin … | |||
| CVE-2013-2706 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change p… | |||
| CVE-2013-3252 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators f… | |||
| CVE-2013-3251 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that chan… | |||
| CVE-2013-2699 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deac… | |||
| CVE-2013-2693 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests tha… | |||
| CVE-2013-7352 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL inj… | |||
| CVE-2013-5443 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authenticat… | |||
| CVE-2013-4057 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to… | |||
| CVE-2013-0301 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that ch… | |||
| CVE-2013-0300 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view vi… | |||
| CVE-2013-0299 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change t… | |||
| CVE-2013-4963 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that delete a (1) report,… | |||
| CVE-2013-1399 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) bef… | |||
| CVE-2013-6475 | medium | — | 6.8 | 12y ago | Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a c… | |||
| CVE-2013-6474 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2013-6473 | medium | — | 6.8 | 12y ago | Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. | |||
| CVE-2013-6188 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vector… | |||
| CVE-2013-7334 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q… | |||
| CVE-2013-6942 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attack… | |||
| CVE-2013-3260 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. | |||
| CVE-2013-3259 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. | |||
| CVE-2013-6202 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests tha… | |||
| CVE-2013-7327 | medium | — | 6.8 | 12y ago | The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspeci… | |||
| CVE-2013-7226 | medium | — | 6.8 | 12y ago | Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impac… | |||
| CVE-2013-6492 | medium | — | 6.8 | 13y ago | The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an H… | |||
| CVE-2013-3988 | medium | — | 6.8 | 13y ago | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2013-1980 | medium | — | 6.8 | 13y ago | Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file. | |||
| CVE-2013-6393 | medium | — | 6.8 | 13y ago | Heap Based Buffer Overflow in libyaml | |||
| CVE-2013-7320 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests… | |||
| CVE-2013-5427 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Pro… | |||
| CVE-2013-6429 | medium | — | 6.8 | 13y ago | Cross-Site Request Forgery in Spring Framework | |||
| CVE-2013-6458 | medium | — | 6.8 | 13y ago | Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify… | |||
| CVE-2013-7315 | medium | — | 6.8 | 13y ago | Missing XML Validation in Spring Framework | |||
| CVE-2013-4152 | medium | — | 6.8 | 13y ago | Cross-Site Request Forgery in Spring Framework | |||
| CVE-2013-7314 | medium | — | 6.8 | 13y ago | The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performin… | |||
| CVE-2013-6443 | medium | — | 6.8 | 13y ago | CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destruct… | |||
| CVE-2013-0339 | medium | — | 6.8 | 13y ago | libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote at… | |||
| CVE-2013-3595 | medium | — | 6.8 | 13y ago | The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset… | |||
| CVE-2013-6645 | medium | — | 6.8 | 13y ago | Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1… | |||
| CVE-2013-5882 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures. | |||
| CVE-2013-5879 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2013-5870 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | |||
| CVE-2013-5860 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. | |||
| CVE-2013-5904 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2013-7107 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspe… | |||
| CVE-2013-6028 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user acc… | |||
| CVE-2013-7262 | medium | — | 6.8 | 13y ago | SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL co… | |||
| CVE-2013-7256 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-6992 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentica… | |||
| CVE-2013-7251 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2)… |