CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-7304 | medium | — | 4.3 | 13y ago | Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by p… | |||
| CVE-2013-6746 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content … | |||
| CVE-2013-6305 | medium | — | 4.3 | 13y ago | IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dep… | |||
| CVE-2013-4030 | medium | — | 4.3 | 13y ago | Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptog… | |||
| CVE-2013-1438 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo fil… | |||
| CVE-2013-4231 | medium | — | 4.3 | 13y ago | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to… | |||
| CVE-2013-7243 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Displ… | |||
| CVE-2013-6325 | medium | — | 4.3 | 13y ago | IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request … | |||
| CVE-2013-6786 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "… | |||
| CVE-2013-6142 | medium | — | 4.3 | 13y ago | DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service… | |||
| CVE-2013-5886 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Appli… | |||
| CVE-2013-5901 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to I… | |||
| CVE-2013-5900 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vecto… | |||
| CVE-2013-4517 | medium | — | 4.3 | 13y ago | Improper Input Validation in Apache Santuario XML Security | |||
| CVE-2013-7289 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_… | |||
| CVE-2013-7288 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script … | |||
| CVE-2013-6974 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … | |||
| CVE-2013-4353 | medium | — | 4.3 | 13y ago | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next P… | |||
| CVE-2013-6997 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CS… | |||
| CVE-2013-6982 | medium | — | 4.3 | 13y ago | The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote… | |||
| CVE-2013-7279 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-7277 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to… | |||
| CVE-2013-7276 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url… | |||
| CVE-2013-7275 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie li… | |||
| CVE-2013-7258 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and ent… | |||
| CVE-2013-7257 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | |||
| CVE-2013-7254 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6993 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete actio… | |||
| CVE-2013-6991 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to w… | |||
| CVE-2013-7241 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-5210 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6198 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecifi… | |||
| CVE-2013-5583 | medium | — | 4.3 | 13y ago | Joomla! Cross-site Scripting vulnerability | |||
| CVE-2013-6808 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | |||
| CVE-2013-1096 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script… | |||
| CVE-2013-2179 | medium | — | 4.3 | 13y ago | X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a … | |||
| CVE-2013-6388 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | |||
| CVE-2013-7049 | medium | — | 4.3 | 13y ago | Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long st… | |||
| CVE-2013-4424 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6449 | medium | — | 4.3 | 13y ago | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (… | |||
| CVE-2013-4414 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field… | |||
| CVE-2013-6328 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.… | |||
| CVE-2013-6316 | medium | — | 4.3 | 13y ago | IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers … | |||
| CVE-2013-5421 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web s… | |||
| CVE-2013-5413 | medium | — | 4.3 | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended work… | |||
| CVE-2013-5411 | medium | — | 4.3 | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. | |||
| CVE-2013-4063 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an … | |||
| CVE-2013-4045 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbi… | |||
| CVE-2013-7191 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket. | |||
| CVE-2013-7082 | medium | — | 4.3 | 13y ago | TYPO3 Flow Cross-site scripting (XSS) vulnerability | |||
| CVE-2013-7077 | medium | — | 4.3 | 13y ago | TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module | |||
| CVE-2013-7076 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vecto… | |||
| CVE-2013-7002 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. | |||
| CVE-2013-7188 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6178 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5462 | medium | — | 4.3 | 13y ago | IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct click… | |||
| CVE-2013-5422 | medium | — | 4.3 | 13y ago | The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database name… | |||
| CVE-2013-6837 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a c… | |||
| CVE-2013-6836 | medium | — | 4.3 | 13y ago | Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a cr… | |||
| CVE-2013-7129 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf. | |||
| CVE-2013-6733 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2013-6327 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web … | |||
| CVE-2013-6191 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6973 | medium | — | 4.3 | 13y ago | Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. | |||
| CVE-2013-6969 | medium | — | 4.3 | 13y ago | The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. | |||
| CVE-2013-6963 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCu… | |||
| CVE-2013-6962 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… | |||
| CVE-2013-6961 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted … | |||
| CVE-2013-6960 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. | |||
| CVE-2013-6711 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka … | |||
| CVE-2013-5438 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4845 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4001 | medium | — | 4.3 | 13y ago | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | |||
| CVE-2013-4520 | medium | — | 4.3 | 13y ago | xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type… | |||
| CVE-2013-6051 | medium | — | 4.3 | 13y ago | The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BG… | |||
| CVE-2013-6359 | medium | — | 4.3 | 13y ago | Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. | |||
| CVE-2013-6957 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web serve… | |||
| CVE-2013-4569 | medium | — | 4.3 | 13y ago | The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attacker… | |||
| CVE-2013-4568 | medium | — | 4.3 | 13y ago | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) atta… | |||
| CVE-2013-4567 | medium | — | 4.3 | 13y ago | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) atta… | |||
| CVE-2013-6005 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. | |||
| CVE-2013-6672 | medium | — | 4.3 | 13y ago | Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. | |||
| CVE-2013-5614 | medium | — | 4.3 | 13y ago | Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attacker… | |||
| CVE-2013-5612 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Orig… | |||
| CVE-2013-5072 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script … | |||
| CVE-2013-5057 | medium | — | 4.3 | 13y ago | hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM com… | |||
| CVE-2013-5054 | medium | — | 4.3 | 13y ago | Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in… | |||
| CVE-2013-5042 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbit… | |||
| CVE-2013-3710 | medium | — | 4.3 | 13y ago | SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms b… | |||
| CVE-2013-6224 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) uns… | |||
| CVE-2013-6039 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2… | |||
| CVE-2013-7001 | medium | — | 4.3 | 13y ago | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 o… | |||
| CVE-2013-7000 | medium | — | 4.3 | 13y ago | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. | |||
| CVE-2013-6397 | medium | — | 4.3 | 13y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache Solr | |||
| CVE-2013-6050 | medium | — | 4.3 | 13y ago | Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables. | |||
| CVE-2013-4171 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS… | |||
| CVE-2013-6707 | medium | — | 4.3 | 13y ago | Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol manag… | |||
| CVE-2013-6636 | medium | — | 4.3 | 13y ago | The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during … | |||
| CVE-2013-6804 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results… | |||
| CVE-2013-6395 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, … |