CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-7348 | medium | — | 4.6 | 12y ago | Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other i… | |||
| CVE-2013-2089 | medium | — | 4.6 | 12y ago | Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the … | |||
| CVE-2013-6412 | medium | — | 4.6 | 13y ago | The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be… | |||
| CVE-2013-5888 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2013-5821 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. | |||
| CVE-2013-5010 | medium | — | 4.6 | 13y ago | The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x … | |||
| CVE-2013-7042 | medium | — | 4.6 | 13y ago | SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2013-6432 | medium | — | 4.6 | 13y ago | The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service… | |||
| CVE-2013-4465 | medium | — | 4.6 | 13y ago | Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file… | |||
| CVE-2013-5550 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operatio… | |||
| CVE-2013-4370 | medium | — | 4.6 | 13y ago | The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corr… | |||
| CVE-2013-5008 | medium | — | 4.6 | 13y ago | The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across d… | |||
| CVE-2013-4256 | medium | — | 4.6 | 13y ago | Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display … | |||
| CVE-2013-4326 | medium | — | 4.6 | 13y ago | RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Po… | |||
| CVE-2013-4324 | medium | — | 4.6 | 13y ago | spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by l… | |||
| CVE-2013-4311 | medium | — | 4.6 | 13y ago | libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race c… | |||
| CVE-2013-1066 | medium | — | 4.6 | 13y ago | language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass inte… | |||
| CVE-2013-1065 | medium | — | 4.6 | 13y ago | backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a Po… | |||
| CVE-2013-1064 | medium | — | 4.6 | 13y ago | apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restr… | |||
| CVE-2013-1063 | medium | — | 4.6 | 13y ago | usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass i… | |||
| CVE-2013-1062 | medium | — | 4.6 | 13y ago | ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass in… | |||
| CVE-2013-1061 | medium | — | 4.6 | 13y ago | dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authorit… | |||
| CVE-2013-3467 | medium | — | 4.6 | 13y ago | Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of serv… | |||
| CVE-2013-4033 | medium | — | 4.6 | 13y ago | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | |||
| CVE-2013-3464 | medium | — | 4.6 | 13y ago | Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo … | |||
| CVE-2013-0943 | medium | — | 4.6 | 13y ago | EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. | |||
| CVE-2013-3028 | medium | — | 4.6 | 13y ago | Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via u… | |||
| CVE-2013-2339 | medium | — | 4.6 | 13y ago | HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Th… | |||
| CVE-2013-3927 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging re… | |||
| CVE-2013-3951 | medium | — | 4.6 | 13y ago | sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users… | |||
| CVE-2013-2119 | medium | — | 4.6 | 13y ago | Phusion Passenger Denial of Service | |||
| CVE-2013-1136 | medium | — | 4.6 | 13y ago | The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor c… | |||
| CVE-2013-1240 | medium | — | 4.6 | 13y ago | The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue2… | |||
| CVE-2013-2418 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity… | |||
| CVE-2013-1523 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors relate… | |||
| CVE-2013-0977 | medium | — | 4.6 | 13y ago | dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requi… | |||
| CVE-2013-0151 | medium | — | 4.6 | 13y ago | The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause … | |||
| CVE-2013-1819 | medium | — | 4.6 | 13y ago | The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and sy… | |||
| CVE-2013-1048 | medium | — | 4.6 | 13y ago | The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not proper… | |||
| CVE-2013-0407 | medium | — | 4.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. | |||
| CVE-2013-1874 | medium | — | 4.4 | 12y ago | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | |||
| CVE-2013-4215 | medium | — | 4.4 | 12y ago | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||
| CVE-2013-0296 | medium | — | 4.4 | 12y ago | Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local… | |||
| CVE-2013-6476 | medium | — | 4.4 | 12y ago | The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same… | |||
| CVE-2013-6024 | medium | — | 4.4 | 13y ago | The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory… | |||
| CVE-2013-3713 | medium | — | 4.4 | 13y ago | The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensiti… | |||
| CVE-2013-5973 | medium | — | 4.4 | 13y ago | VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Serv… | |||
| CVE-2013-6378 | medium | — | 4.4 | 13y ago | The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a… | |||
| CVE-2013-1057 | medium | — | 4.4 | 13y ago | Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current wo… | |||
| CVE-2013-4371 | medium | — | 4.4 | 13y ago | Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the real… | |||
| CVE-2013-5161 | medium | — | 4.4 | 13y ago | Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or rea… | |||
| CVE-2013-3037 | medium | — | 4.4 | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. | |||
| CVE-2013-2035 | medium | — | 4.4 | 13y ago | Improper Control of Generation of Code in HawtJNI | |||
| CVE-2013-2145 | medium | — | 4.4 | 13y ago | The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special u… | |||
| CVE-2013-3136 | medium | — | 4.4 | 13y ago | The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page… | |||
| CVE-2013-4136 | medium | — | 4.4 | 13y ago | ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a… | |||
| CVE-2013-1929 | medium | — | 4.4 | 13y ago | Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (sys… | |||
| CVE-2013-3302 | medium | — | 4.4 | 13y ago | Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly ha… | |||
| CVE-2013-1219 | medium | — | 4.4 | 13y ago | SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initia… | |||
| CVE-2013-0413 | medium | — | 4.4 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service. | |||
| CVE-2013-1920 | medium | — | 4.4 | 13y ago | Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain… | |||
| CVE-2013-2777 | medium | — | 4.4 | 13y ago | sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hi… | |||
| CVE-2013-2776 | medium | — | 4.4 | 13y ago | sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling ter… | |||
| CVE-2013-1776 | medium | — | 4.4 | 13y ago | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions t… | |||
| CVE-2013-0224 | medium | — | 4.4 | 13y ago | The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | |||
| CVE-2013-4314 | medium | — | 4.3 | 4y ago | The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle a… | |||
| CVE-2013-4193 | medium | — | 4.3 | 4y ago | typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers … | |||
| CVE-2013-2209 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arb… | |||
| CVE-2013-4346 | medium | — | 4.3 | 4y ago | The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | |||
| CVE-2013-4249 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbit… | |||
| CVE-2013-2191 | medium | — | 4.3 | 4y ago | python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. | |||
| CVE-2013-1812 | medium | — | 4.3 | 9y ago | The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | |||
| CVE-2013-7398 | medium | — | 4.3 | 11y ago | Insufficient Verification of Data Authenticity in Async Http Client | |||
| CVE-2013-7397 | medium | — | 4.3 | 11y ago | Insufficient Verification of Data Authenticity in Async Http Client | |||
| CVE-2013-7436 | medium | — | 4.3 | 11y ago | noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http sessi… | |||
| CVE-2013-7419 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inje… | |||
| CVE-2013-7417 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: t… | |||
| CVE-2013-6919 | medium | — | 4.3 | 12y ago | phpThumb is vulnerable to Server-Side Request Forgery (SSRF) | |||
| CVE-2013-4769 | medium | — | 4.3 | 12y ago | The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic ampl… | |||
| CVE-2013-4399 | medium | — | 4.3 | 12y ago | The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cau… | |||
| CVE-2013-4594 | medium | — | 4.3 | 12y ago | The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when subm… | |||
| CVE-2013-4488 | medium | — | 4.3 | 12y ago | libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. | |||
| CVE-2013-6222 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject … | |||
| CVE-2013-7144 | medium | — | 4.3 | 12y ago | LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive … | |||
| CVE-2013-4352 | medium | — | 4.3 | 12y ago | The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a … | |||
| CVE-2013-5855 | medium | — | 4.3 | 12y ago | Improper Neutralization of Input During Web Page Generation in Mojarra | |||
| CVE-2013-1841 | medium | — | 4.3 | 12y ago | Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostnam… | |||
| CVE-2013-4599 | medium | — | 4.3 | 12y ago | The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (pro… | |||
| CVE-2013-4595 | medium | — | 4.3 | 12y ago | The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive info… | |||
| CVE-2013-2193 | medium | — | 4.3 | 12y ago | Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive inf… | |||
| CVE-2013-2124 | medium | — | 4.3 | 12y ago | Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. | |||
| CVE-2013-3046 | medium | — | 4.3 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack… | |||
| CVE-2013-1864 | medium | — | 4.3 | 12y ago | The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of ser… | |||
| CVE-2013-0289 | medium | — | 4.3 | 12y ago | Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2013-7040 | medium | — | 4.3 | 12y ago | Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictab… | |||
| CVE-2013-7033 | medium | — | 4.3 | 12y ago | LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and… | |||
| CVE-2013-4430 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/… | |||
| CVE-2013-0197 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2013-5939 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to ind… | |||
| CVE-2013-2087 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movi… |