Total
9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4283 | 1 Fedoraproject | 1 389 Directory Server | 2013-09-11 | 5.0 MEDIUM | N/A |
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. | |||||
CVE-2013-3600 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 8.5 HIGH | N/A |
Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions. | |||||
CVE-2013-2804 | 1 Softwaretoolbox | 1 Top Server | 2013-09-06 | 7.1 HIGH | N/A |
The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line. | |||||
CVE-2013-1648 | 1 Open-xchange | 1 Open-xchange Server | 2013-09-06 | 3.5 LOW | N/A |
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue. | |||||
CVE-2013-3599 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 9.3 HIGH | N/A |
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html. | |||||
CVE-2013-3393 | 1 Cisco | 2 Jabber, Virtualization Experience Media Engine | 2013-08-30 | 5.0 MEDIUM | N/A |
The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117. | |||||
CVE-2012-4922 | 1 Torproject | 1 Tor | 2013-08-21 | 5.0 MEDIUM | N/A |
The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. | |||||
CVE-2013-3400 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2013-08-19 | 6.8 MEDIUM | N/A |
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | |||||
CVE-2013-2790 | 1 Ioserver | 1 Ioserver | 2013-08-13 | 7.8 HIGH | N/A |
The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000. | |||||
CVE-2013-2204 | 2 Tinymce, Wordpress | 2 Media, Wordpress | 2013-08-13 | 4.3 MEDIUM | N/A |
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character. | |||||
CVE-2013-2798 | 1 Selinc | 4 Sel-2241, Sel-3505, Sel-3530 and 1 more | 2013-08-12 | 4.7 MEDIUM | N/A |
Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | |||||
CVE-2013-2792 | 1 Selinc | 4 Sel-2241, Sel-3505, Sel-3530 and 1 more | 2013-08-12 | 7.1 HIGH | N/A |
Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. | |||||
CVE-2007-6062 | 1 Ngircd | 1 Ngircd | 2013-08-06 | 5.0 MEDIUM | N/A |
irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. | |||||
CVE-2013-3580 | 1 Trustgo | 1 Antivirus & Mobile Security | 2013-07-29 | 4.3 MEDIUM | N/A |
The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero arguments. | |||||
CVE-2013-3275 | 1 Emc | 2 Avamar Server, Avamar Server Virtual Edition | 2013-07-28 | 4.3 MEDIUM | N/A |
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." | |||||
CVE-2012-1008 | 1 Officesip | 1 Officesip Server | 2013-07-25 | 5.0 MEDIUM | N/A |
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. | |||||
CVE-2013-3299 | 1 Realnetworks | 1 Realplayer | 2013-07-07 | 4.3 MEDIUM | N/A |
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string. | |||||
CVE-2013-3925 | 1 Atlassian | 1 Crowd | 2013-07-01 | 5.8 MEDIUM | N/A |
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference. | |||||
CVE-2013-4098 | 1 Ds3 | 1 Authentication Server | 2013-07-01 | 5.0 MEDIUM | N/A |
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary error-page text via the message parameter. | |||||
CVE-2013-4096 | 1 Ds3 | 1 Authentication Server | 2013-07-01 | 9.0 HIGH | N/A |
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field. |