CVEs from 2013
Total
5,694
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4341 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or H… | |||
| CVE-2013-3179 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka … | |||
| CVE-2013-5716 | medium | — | 5.3 | 13y ago | Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file. | |||
| CVE-2013-1649 | medium | — | 5.3 | 13y ago | Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers t… | |||
| CVE-2013-1646 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or H… | |||
| CVE-2013-5314 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[ht… | |||
| CVE-2013-5312 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2)… | |||
| CVE-2013-1942 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other pro… | |||
| CVE-2013-4880 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-4759 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2013-4625 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pack… | |||
| CVE-2013-4620 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. | |||
| CVE-2013-5020 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) f… | |||
| CVE-2013-5006 | medium | — | 5.3 | 13y ago | main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discove… | |||
| CVE-2013-4951 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) nam… | |||
| CVE-2013-4950 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter. | |||
| CVE-2013-4946 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.… | |||
| CVE-2013-3515 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-… | |||
| CVE-2013-4883 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject… | |||
| CVE-2013-4117 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-3166 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of t… | |||
| CVE-2013-1950 | medium | — | 5.3 | 13y ago | The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an i… | |||
| CVE-2013-3299 | medium | — | 5.3 | 13y ago | RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that con… | |||
| CVE-2013-1670 | medium | — | 5.3 | 13y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acqui… | |||
| CVE-2013-3538 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter. | |||
| CVE-2013-3535 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title… | |||
| CVE-2013-3529 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1… | |||
| CVE-2013-3526 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2013-2416 | medium | — | 5.3 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployme… | |||
| CVE-2013-0125 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter. | |||
| CVE-2013-2501 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. | |||
| CVE-2013-1114 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527. | |||
| CVE-2013-1464 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID p… | |||
| CVE-2013-1463 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-1471 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attacke… | |||
| CVE-2013-0653 | medium | — | 5.3 | 14y ago | Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPL… | |||
| CVE-2013-6457 | medium | — | 5.2 | 13y ago | The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of se… | |||
| CVE-2013-6197 | medium | — | 5.2 | 13y ago | Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2013-4554 | medium | — | 5.2 | 13y ago | Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a … | |||
| CVE-2013-4553 | medium | — | 5.2 | 13y ago | The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to … | |||
| CVE-2013-6376 | medium | — | 5.2 | 13y ago | The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR … | |||
| CVE-2013-4416 | medium | — | 5.2 | 13y ago | The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. | |||
| CVE-2013-4494 | medium | — | 5.2 | 13y ago | Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of… | |||
| CVE-2013-5866 | medium | — | 5.2 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |||
| CVE-2013-0577 | medium | — | 5.2 | 13y ago | The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or de… | |||
| CVE-2013-2077 | medium | — | 5.2 | 13y ago | Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecif… | |||
| CVE-2013-0217 | medium | — | 5.2 | 14y ago | Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggerin… | |||
| CVE-2013-0216 | medium | — | 5.2 | 14y ago | The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. | |||
| CVE-2013-4761 | medium | — | 5.1 | 9y ago | Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby prog… | |||
| CVE-2013-7424 | medium | — | 5.1 | 11y ago | The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execu… | |||
| CVE-2013-5906 | medium | — | 5.1 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different v… | |||
| CVE-2013-5905 | medium | — | 5.1 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different v… | |||
| CVE-2013-5902 | medium | — | 5.1 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2013-4550 | medium | — | 5.1 | 13y ago | Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote … | |||
| CVE-2013-7039 | medium | — | 5.1 | 13y ago | Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a d… | |||
| CVE-2013-6385 | medium | — | 5.1 | 13y ago | The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att… | |||
| CVE-2013-4689 | medium | — | 5.1 | 13y ago | J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 … | |||
| CVE-2013-2054 | medium | — | 5.1 | 13y ago | Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (p… | |||
| CVE-2013-2052 | medium | — | 5.1 | 13y ago | Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE … | |||
| CVE-2013-1862 | medium | — | 5.1 | 13y ago | mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec… | |||
| CVE-2013-1912 | medium | — | 5.1 | 13y ago | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends … | |||
| CVE-2013-0130 | medium | — | 5.1 | 13y ago | Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remote FTP servers to execute arbitrary code or cause a denial of service (application crash) via a long directory name in a (1) DELE… | |||
| CVE-2013-0320 | medium | — | 5.1 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack th… | |||
| CVE-2013-0472 | medium | — | 5.1 | 14y ago | The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain… | |||
| CVE-2013-0263 | medium | — | 5.1 | 14y ago | Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privile… | |||
| CVE-2013-0214 | medium | — | 5.1 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the… | |||
| CVE-2013-0213 | medium | — | 5.1 | 14y ago | The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME el… | |||
| CVE-2013-0974 | medium | — | 5.1 | 14y ago | StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access re… | |||
| CVE-2013-4294 | medium | — | 5.0 | 4y ago | The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which a… | |||
| CVE-2013-1443 | medium | — | 5.0 | 4y ago | The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption)… | |||
| CVE-2013-6419 | medium | — | 5.0 | 4y ago | Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive… | |||
| CVE-2013-2014 | medium | — | 5.0 | 4y ago | OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | |||
| CVE-2013-7444 | medium | — | 5.0 | 11y ago | The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. | |||
| CVE-2013-7443 | medium | — | 5.0 | 11y ago | Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. | |||
| CVE-2013-7437 | medium | — | 5.0 | 11y ago | Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. | |||
| CVE-2013-7423 | medium | — | 5.0 | 11y ago | The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended l… | |||
| CVE-2013-7252 | medium | — | 5.0 | 12y ago | kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a co… | |||
| CVE-2013-5958 | medium | — | 5.0 | 12y ago | The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a lon… | |||
| CVE-2013-7401 | medium | — | 5.0 | 12y ago | The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by us… | |||
| CVE-2013-4442 | medium | — | 5.0 | 12y ago | Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. | |||
| CVE-2013-4440 | medium | — | 5.0 | 12y ago | Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |||
| CVE-2013-7402 | medium | — | 5.0 | 12y ago | Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. | |||
| CVE-2013-3737 | medium | — | 5.0 | 12y ago | The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication … | |||
| CVE-2013-0336 | medium | — | 5.0 | 12y ago | The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (cr… | |||
| CVE-2013-7329 | medium | — | 5.0 | 12y ago | The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via ve… | |||
| CVE-2013-6496 | medium | — | 5.0 | 12y ago | Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. | |||
| CVE-2013-2599 | medium | — | 5.0 | 12y ago | A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.… | |||
| CVE-2013-0334 | medium | — | 5.0 | 12y ago | Bundler may install gems from a different source than expected | |||
| CVE-2013-5757 | medium | — | 5.0 | 12y ago | Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parame… | |||
| CVE-2013-5756 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. | |||
| CVE-2013-7391 | medium | — | 5.0 | 12y ago | The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) … | |||
| CVE-2013-5423 | medium | — | 5.0 | 12y ago | IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. | |||
| CVE-2013-1068 | medium | — | 5.0 | 12y ago | The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.… | |||
| CVE-2013-2163 | medium | — | 5.0 | 12y ago | Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header. | |||
| CVE-2013-5760 | medium | — | 5.0 | 12y ago | QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php. | |||
| CVE-2013-2564 | medium | — | 5.0 | 12y ago | Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. | |||
| CVE-2013-4728 | medium | — | 5.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter… | |||
| CVE-2013-4725 | medium | — | 5.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easi… | |||
| CVE-2013-4724 | medium | — | 5.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which make… | |||
| CVE-2013-0250 | medium | — | 5.0 | 12y ago | The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted… |