Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2014-05-20 | 5.0 MEDIUM | N/A |
| SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | |||||
| CVE-2013-7385 | 1 Livezilla | 1 Livezilla | 2014-05-20 | 6.8 MEDIUM | N/A |
| LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033. | |||||
| CVE-2013-7033 | 1 Livezilla | 1 Livezilla | 2014-05-20 | 4.3 MEDIUM | N/A |
| LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | |||||
| CVE-2013-6766 | 1 Openvas | 1 Openvas Administrator | 2014-05-20 | 7.5 HIGH | N/A |
| OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC. | |||||
| CVE-2013-4467 | 1 Vicidial | 1 Vicidial | 2014-05-19 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-1407 | 1 Netweblogic | 2 Events Manager, Events Manager Pro | 2014-05-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php. | |||||
| CVE-2013-7384 | 1 Unrealircd | 1 Unrealircd | 2014-05-19 | 5.0 MEDIUM | N/A |
| UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types. | |||||
| CVE-2013-6994 | 1 Opentext | 1 Exceed Ondemand | 2014-05-19 | 6.4 MEDIUM | N/A |
| OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | |||||
| CVE-2013-6807 | 1 Opentext | 1 Exceed Ondemand | 2014-05-19 | 6.8 MEDIUM | N/A |
| The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses. | |||||
| CVE-2013-6806 | 1 Opentext | 1 Exceed Ondemand | 2014-05-19 | 6.8 MEDIUM | N/A |
| OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext. | |||||
| CVE-2013-6805 | 1 Opentext | 1 Exceed Ondemand | 2014-05-19 | 5.0 MEDIUM | N/A |
| OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file. | |||||
| CVE-2013-6765 | 1 Openvas | 1 Openvas Manager | 2014-05-19 | 7.5 HIGH | N/A |
| OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c. | |||||
| CVE-2013-6413 | 1 Unrealircd | 1 Unrealircd | 2014-05-19 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference. | |||||
| CVE-2013-4431 | 1 Mahara | 1 Mahara | 2014-05-19 | 5.5 MEDIUM | N/A |
| Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request. | |||||
| CVE-2013-4430 | 1 Mahara | 1 Mahara | 2014-05-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php. | |||||
| CVE-2013-4429 | 1 Mahara | 1 Mahara | 2014-05-19 | 4.0 MEDIUM | N/A |
| Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block. | |||||
| CVE-2013-4432 | 1 Mahara | 1 Mahara | 2014-05-19 | 4.0 MEDIUM | N/A |
| Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php. | |||||
| CVE-2013-4427 | 1 Leon Weber | 1 Pyxtrlock | 2014-05-19 | 2.1 LOW | N/A |
| pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen via unspecified vectors. | |||||
| CVE-2013-4426 | 1 Leon Weber | 1 Pyxtrlock | 2014-05-19 | 3.6 LOW | N/A |
| pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash. | |||||
| CVE-2013-4406 | 1 Quick Tabs Module Project | 1 Quicktabs | 2014-05-19 | 5.0 MEDIUM | N/A |
| The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. | |||||