Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6081 | 1 Moinmo | 1 Moinmoin | 2013-12-12 | 6.0 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012. | |||||
| CVE-2012-1193 | 1 Powerdns | 1 Powerdns Recursor | 2013-12-12 | 6.4 MEDIUM | N/A |
| The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | |||||
| CVE-2013-6076 | 1 Strongswan | 1 Strongswan | 2013-11-21 | 5.0 MEDIUM | N/A |
| strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. | |||||
| CVE-2013-2114 | 1 Mediawiki | 1 Mediawiki | 2013-11-21 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||||
| CVE-2013-1439 | 1 Libraw | 1 Libraw | 2013-11-14 | 4.3 MEDIUM | N/A |
| The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. | |||||
| CVE-2013-5138 | 1 Apple | 1 Iphone Os | 2013-10-30 | 4.7 MEDIUM | N/A |
| IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | |||||
| CVE-2013-4465 | 1 Simplemachines | 1 Simple Machines Forum | 2013-10-28 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2013-5143 | 1 Apple | 1 Os X Server | 2013-10-24 | 6.8 MEDIUM | N/A |
| The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. | |||||
| CVE-2005-4278 | 1 Larry Wall | 1 Perl | 2013-10-23 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2013-2580 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2013-10-15 | 7.1 HIGH | N/A |
| Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then access them via a direct request to the file in the mnt/mtd directory. | |||||
| CVE-2012-0218 | 1 Xen | 1 Xen | 2013-10-10 | 1.9 LOW | N/A |
| Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. | |||||
| CVE-2013-3590 | 1 Searchblox | 1 Searchblox | 2013-10-07 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file. | |||||
| CVE-2013-3248 | 1 Corel | 1 Pdf Fusion | 2013-10-04 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file. | |||||
| CVE-2013-3926 | 1 Atlassian | 1 Crowd | 2013-10-04 | 7.5 HIGH | N/A |
| ** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued." | |||||
| CVE-2002-1005 | 1 Argosoft | 1 Argosoft Mail Server | 2013-09-30 | 5.0 MEDIUM | N/A |
| ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop. | |||||
| CVE-2005-4476 | 1 Openedit Inc | 1 Openedit | 2013-09-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters. | |||||
| CVE-2007-3544 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2013-09-07 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. | |||||
| CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-09-05 | 4.6 MEDIUM | N/A |
| Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | |||||
| CVE-2013-3485 | 1 Lulusoftware | 1 Soda Pdf | 2013-09-05 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) api-ms-win-core-localregistry-l1-1-0.dll file in the current working directory. | |||||
| CVE-2006-2205 | 1 Netbsd | 1 Netbsd | 2013-09-04 | 2.1 LOW | N/A |
| The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. | |||||
