Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5025 | 1 Ni | 1 Labwindows | 2013-10-16 | 4.3 MEDIUM | N/A |
| An ActiveX control in exlauncher.dll in the Help subsystem in National Instruments LabWindows/CVI before 2013 allows remote attackers to cause a denial of service by triggering the display of local example files. | |||||
| CVE-2013-5539 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2013-10-16 | 6.0 MEDIUM | N/A |
| The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511. | |||||
| CVE-2013-5541 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2013-10-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495. | |||||
| CVE-2013-5540 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2013-10-16 | 6.8 MEDIUM | N/A |
| The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519. | |||||
| CVE-2013-5529 | 1 Cisco | 1 Webex Meetings Server | 2013-10-16 | 6.8 MEDIUM | N/A |
| The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200. | |||||
| CVE-2013-5538 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2013-10-16 | 5.0 MEDIUM | N/A |
| The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. | |||||
| CVE-2012-4121 | 1 Cisco | 1 Nx-os | 2013-10-16 | 6.8 MEDIUM | N/A |
| Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | |||||
| CVE-2013-5931 | 1 Real-estate-php-script | 1 Real Estate Php Script | 2013-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||||
| CVE-2013-3616 | 1 Knowledgeview | 1 Knowledgeview Editorial And Management Application | 2013-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2013-5506 | 1 Cisco | 1 Firewall Services Module Software | 2013-10-15 | 6.6 MEDIUM | N/A |
| The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080. | |||||
| CVE-2013-5911 | 1 Tenable | 1 Securitycenter | 2013-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2013-2787 | 1 Alstom | 1 E-terracontrol | 2013-10-15 | 7.8 HIGH | N/A |
| Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets. | |||||
| CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2013-10-15 | 6.8 MEDIUM | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | |||||
| CVE-2012-4709 | 1 Invensys | 1 Wonderware Intouch | 2013-10-15 | 6.9 MEDIUM | N/A |
| Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-6079 | 1 Mostgear | 1 Easy Lan Folder Share | 2013-10-15 | 7.2 HIGH | N/A |
| Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) registration code field in the activate license window or the (2) HKLM\SOFTWARE\MostGear\EasyLanFolderShare_V1\License registry key. NOTE: it is not clear from the original report whether this issue crosses privilege boundaries. If not, then it should not be included in CVE. | |||||
| CVE-2013-4319 | 1 Adaptivecomputing | 1 Torque Resource Manager | 2013-10-15 | 9.0 HIGH | N/A |
| pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command. | |||||
| CVE-2013-4203 | 1 Richard Cook | 1 Rgpg | 2013-10-15 | 7.5 HIGH | N/A |
| The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2013-4173 | 1 Xymon | 1 Xymon | 2013-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command. | |||||
| CVE-2013-4167 | 1 Cmsmadesimple | 1 Cms Made Simple | 2013-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3693 | 1 Blackberry | 1 Blackberry Enterprise Service | 2013-10-15 | 7.9 HIGH | N/A |
| The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. | |||||