Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2129 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. | |||||
CVE-2013-2136 | 1 Apache | 1 Cloudstack | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings. | |||||
CVE-2013-2152 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-28 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
CVE-2013-2158 | 2 Drupal, Services Project | 2 Drupal, Services | 2017-08-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2013-2254 | 1 Apache | 2 Org.apache.sling.servlets.post, Sling | 2017-08-28 | 5.0 MEDIUM | N/A |
The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that is returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | |||||
CVE-2013-2263 | 1 Citrix | 1 Access Gateway | 2017-08-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | |||||
CVE-2013-2270 | 2 Airvana, Sprint | 3 Hubbub C1-600-rt, Airave, Airave Software | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-2289 | 1 Batavi | 1 Batavi | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php. | |||||
CVE-2013-2290 | 1 Arubanetworks | 1 Arubaos | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID. | |||||
CVE-2013-2298 | 1 Rom Walton | 1 Boinc | 2017-08-28 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler. | |||||
CVE-2013-2498 | 1 Simplehrm | 1 Simplehrm | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin. | |||||
CVE-2013-2501 | 2 Terillion, Wordpress | 2 Terillion Reviews Plugin, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. | |||||
CVE-2013-2507 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671. | |||||
CVE-2013-2576 | 1 B-e-soft | 1 Artweaver | 2017-08-28 | 6.8 MEDIUM | N/A |
Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file. | |||||
CVE-2013-2577 | 1 Xnview | 1 Xnview | 2017-08-28 | 9.3 HIGH | N/A |
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file. | |||||
CVE-2013-2586 | 1 Apachefriends | 1 Xampp | 2017-08-28 | 4.3 MEDIUM | N/A |
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method. | |||||
CVE-2013-2594 | 1 Hornbill | 1 Supportworks Itsm | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter. | |||||
CVE-2013-2601 | 1 Citrix | 1 Xenclient Xt | 2017-08-28 | 7.5 HIGH | N/A |
The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. | |||||
CVE-2013-2618 | 1 Network-weathermap | 1 .network Weathermap | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter. | |||||
CVE-2013-2619 | 1 Aspen | 1 Aspen | 2017-08-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. |