CVEs from 2013

- Total: 5,688
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%

Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5358 | high | — | 7.5 | 13y ago | Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain… | |||
| CVE-2013-5357 | high | — | 7.5 | 13y ago | Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonst… | |||
| CVE-2013-5349 | high | — | 7.5 | 13y ago | Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as dem… | |||
| CVE-2013-6888 | high | — | 7.5 | 13y ago | Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. | |||
| CVE-2013-7232 | high | — | 7.5 | 13y ago | SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | |||
| CVE-2013-7149 | high | — | 7.5 | 13y ago | SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to e… | |||
| CVE-2013-7216 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (… | |||
| CVE-2013-4461 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table ope… | |||
| CVE-2013-6824 | high | — | 7.5 | 13y ago | Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. | |||
| CVE-2013-7096 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-7094 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-6054 | high | — | 7.5 | 13y ago | Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. | |||
| CVE-2013-6045 | high | — | 7.5 | 13y ago | Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2013-7086 | high | — | 7.5 | 13y ago | Webbynode Code Injection vulnerability | |||
| CVE-2013-5619 | high | — | 7.5 | 13y ago | Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-… | |||
| CVE-2013-5354 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. | |||
| CVE-2013-4376 | high | — | 7.5 | 13y ago | The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-d… | |||
| CVE-2013-6410 | high | — | 7.5 | 13y ago | nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partia… | |||
| CVE-2013-6640 | high | — | 7.5 | 13y ago | The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of servi… | |||
| CVE-2013-6639 | high | — | 7.5 | 13y ago | The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of servi… | |||
| CVE-2013-6638 | high | — | 7.5 | 13y ago | Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified o… | |||
| CVE-2013-6637 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-6945 | high | — | 7.5 | 13y ago | The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records… | |||
| CVE-2013-6421 | high | — | 7.5 | 13y ago | sprout Arbitrary Code Execution vulnerability | |||
| CVE-2013-4844 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2013-5957 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL comm… | |||
| CVE-2013-6869 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4263 | high | — | 7.5 | 13y ago | libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write. | |||
| CVE-2013-4473 | high | — | 7.5 | 13y ago | Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c… | |||
| CVE-2013-5607 | high | — | 7.5 | 13y ago | Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, … | |||
| CVE-2013-4386 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup paramet… | |||
| CVE-2013-6631 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote … | |||
| CVE-2013-5605 | high | — | 7.5 | 13y ago | Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake … | |||
| CVE-2013-1741 | high | — | 7.5 | 13y ago | Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. | |||
| CVE-2013-4480 | high | — | 7.5 | 13y ago | Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | |||
| CVE-2013-6624 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string value… | |||
| CVE-2013-6621 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-sp… | |||
| CVE-2013-5554 | high | — | 7.5 | 13y ago | Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitr… | |||
| CVE-2013-4508 | high | 7.5 | 7.5 | 13y ago | lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obta… | |||
| CVE-2013-4715 | high | — | 7.5 | 13y ago | SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via … | |||
| CVE-2013-6172 | high | — | 7.5 | 13y ago | steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read … | |||
| CVE-2013-4438 | high | — | 7.5 | 13y ago | Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to … | |||
| CVE-2013-6366 | medium | — | 7.5 | 13y ago | The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. | |||
| CVE-2013-4839 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vector… | |||
| CVE-2013-4836 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute a… | |||
| CVE-2013-4834 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327. | |||
| CVE-2013-4391 | high | — | 7.5 | 13y ago | Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large … | |||
| CVE-2013-2186 | high | — | 7.5 | 13y ago | Arbitrary file write in Apache Commons Fileupload | |||
| CVE-2013-0337 | high | — | 7.5 | 13y ago | The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive informati… | |||
| CVE-2013-6284 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code vi… | |||
| CVE-2013-3280 | high | — | 7.5 | 13y ago | EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that… | |||
| CVE-2013-5179 | high | — | 7.5 | 13y ago | App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. | |||
| CVE-2013-5135 | high | — | 7.5 | 13y ago | Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers… | |||
| CVE-2013-6243 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.p… | |||
| CVE-2013-4365 | high | — | 7.5 | 13y ago | Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified im… | |||
| CVE-2013-2928 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-5815 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect … | |||
| CVE-2013-5802 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40… | |||
| CVE-2013-5775 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and avail… | |||
| CVE-2013-5393 | high | — | 7.5 | 13y ago | The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. | |||
| CVE-2013-4830 | high | — | 7.5 | 13y ago | HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. | |||
| CVE-2013-4827 | high | — | 7.5 | 13y ago | SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified… | |||
| CVE-2013-4825 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown … | |||
| CVE-2013-4137 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format." | |||
| CVE-2013-5028 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) h… | |||
| CVE-2013-4271 | high | — | 7.5 | 13y ago | Restlet Arbitrary Java Code Execution via a serialized object | |||
| CVE-2013-4221 | high | — | 7.5 | 13y ago | Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML | |||
| CVE-2013-2240 | high | — | 7.5 | 13y ago | lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability t… | |||
| CVE-2013-2138 | high | — | 7.5 | 13y ago | The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a repla… | |||
| CVE-2013-4385 | high | — | 7.5 | 13y ago | Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memo… | |||
| CVE-2013-4258 | high | — | 7.5 | 13y ago | Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra… | |||
| CVE-2013-5091 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an inde… | |||
| CVE-2013-2221 | high | — | 7.5 | 13y ago | Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large … | |||
| CVE-2013-2924 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or po… | |||
| CVE-2013-2923 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2919 | high | — | 7.5 | 13y ago | Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2013-2918 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.6… | |||
| CVE-2013-2912 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.15… | |||
| CVE-2013-2910 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause … | |||
| CVE-2013-2909 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related… | |||
| CVE-2013-3969 | medium | — | 7.5 | 13y ago | The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possi… | |||
| CVE-2013-5395 | high | — | 7.5 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-7463 | high | 7.5 | 7.5 | 13y ago | Aescrypt does not sufficiently use random values | |||
| CVE-2013-5200 | high | — | 7.5 | 13y ago | The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote… | |||
| CVE-2013-5931 | high | — | 7.5 | 13y ago | SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||
| CVE-2013-4182 | high | — | 7.5 | 13y ago | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | |||
| CVE-2013-5674 | high | — | 7.5 | 13y ago | badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object i… | |||
| CVE-2013-4313 | high | — | 7.5 | 13y ago | Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injec… | |||
| CVE-2013-4809 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitr… | |||
| CVE-2013-2601 | high | — | 7.5 | 13y ago | The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. | |||
| CVE-2013-5723 | high | — | 7.5 | 13y ago | SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||
| CVE-2013-4339 | high | — | 7.5 | 13y ago | WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. | |||
| CVE-2013-4338 | high | — | 7.5 | 13y ago | wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP u… | |||
| CVE-2013-3657 | high | — | 7.5 | 13y ago | Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | |||
| CVE-2013-3602 | high | — | 7.5 | 13y ago | SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter. | |||
| CVE-2013-5671 | high | — | 7.5 | 13y ago | Code injection in dragonfly gem | |||
| CVE-2013-5589 | high | — | 7.5 | 13y ago | SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2013-2247 | high | — | 7.5 | 13y ago | The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers … | |||
| CVE-2013-4219 | high | — | 7.5 | 13y ago | Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or p… | |||
| CVE-2013-1435 | high | — | 7.5 | 13y ago | (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. |