Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5961 | 2 Danny Morris, Wordpress | 2 Lazy Seo, Wordpress | 2017-08-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/. | |||||
| CVE-2013-5962 | 1 Envato | 1 Complete Gallery Manager Plugin | 2017-08-28 | 5.1 MEDIUM | N/A |
| Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/. | |||||
| CVE-2013-5963 | 2 Cdsincdesign, Wordpress | 2 Simple Dropbox Upload Form, Wordpress | 2017-08-28 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/. | |||||
| CVE-2013-5970 | 1 Vmware | 2 Esx, Esxi | 2017-08-28 | 7.1 HIGH | N/A |
| hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic. | |||||
| CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2017-08-28 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | |||||
| CVE-2013-5983 | 1 Guppy | 1 Guppy | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php. | |||||
| CVE-2013-6005 | 1 Cybozu | 1 Dezie | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. | |||||
| CVE-2013-6010 | 2 Wearegumball, Wordpress | 2 Comment-attachment, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." | |||||
| CVE-2013-6013 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2017-08-28 | 6.8 MEDIUM | N/A |
| Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message. | |||||
| CVE-2013-6016 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Application Security Manager, Big-ip Edge Gateway and 6 more | 2017-08-28 | 7.8 HIGH | N/A |
| The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors. | |||||
| CVE-2013-6047 | 1 Ikiwiki Hosting Project | 1 Ikiwiki Hosting | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the site creation interface in ikiwiki-hosting before 0.20131025 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6058 | 1 Apprain | 1 Apprain | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | |||||
| CVE-2013-6074 | 1 Open-xchange | 1 Open-xchange Appsuite | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file. | |||||
| CVE-2013-6123 | 2 Codeaurora, Qualcomm | 2 Android-msm, Quic Mobile Station Modem Kernel | 2017-08-28 | 6.9 MEDIUM | N/A |
| Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions. | |||||
| CVE-2013-6162 | 1 Code-crafters | 1 Ability Mail Server | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||||
| CVE-2013-6163 | 1 Projeqtor | 1 Projeqtor | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php. | |||||
| CVE-2013-6164 | 1 Projeqtor | 1 Projeqtor | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter. | |||||
| CVE-2013-6168 | 1 Zikula | 1 Zikula Application Framework | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php. | |||||
| CVE-2013-6196 | 1 Hp | 1 Autonomy Ultraseek | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6197 | 1 Hp | 3 Service Manager, Service Manager Web Client, Service Manager Web Tier | 2017-08-28 | 5.2 MEDIUM | N/A |
| Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||