Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2940 | 1 Citrix | 1 Cloudportal Services Manager | 2013-09-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2013-2934 | 1 Citrix | 1 Cloudportal Services Manager | 2013-09-13 | 10.0 HIGH | N/A |
| Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2013-2936 | 1 Citrix | 1 Cloudportal Services Manager | 2013-09-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2010-1491 | 2 Joomla, Mms.pipp | 2 Joomla\!, Com Mmsblog | 2013-09-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1190 | 1 Mediawiki | 1 Mediawiki | 2013-09-12 | 4.3 MEDIUM | N/A |
| thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations. | |||||
| CVE-2009-3192 | 1 Linkorcms | 1 Linkorcms | 2013-09-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2) nikname, (3) realname, (4) homepage, or (5) city parameter in a registration action. | |||||
| CVE-2007-4925 | 1 Ewire | 1 Payment Client | 2013-09-12 | 7.5 HIGH | N/A |
| The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php. | |||||
| CVE-2013-3658 | 1 Vmware | 2 Esx, Esxi | 2013-09-12 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | |||||
| CVE-2013-3360 | 1 Adobe | 1 Shockwave Player | 2013-09-12 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359. | |||||
| CVE-2013-3359 | 1 Adobe | 1 Shockwave Player | 2013-09-12 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3360. | |||||
| CVE-2011-5147 | 1 Freewebshop | 1 Freewebshop | 2013-09-11 | 5.0 MEDIUM | N/A |
| Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php. | |||||
| CVE-2010-1049 | 1 Uiga | 1 Business Portal | 2013-09-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php. | |||||
| CVE-2005-4476 | 1 Openedit Inc | 1 Openedit | 2013-09-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters. | |||||
| CVE-2013-4973 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2013-09-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file. | |||||
| CVE-2013-4974 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2013-09-11 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file. | |||||
| CVE-2013-5095 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2013-09-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469. | |||||
| CVE-2013-5096 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2013-09-11 | 4.0 MEDIUM | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804. | |||||
| CVE-2013-5097 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2013-09-11 | 4.0 MEDIUM | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462. | |||||
| CVE-2013-5471 | 1 Cisco | 1 Global Site Selector | 2013-09-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164. | |||||
| CVE-2013-5641 | 1 Digium | 2 Asterisk, Certified Asterisk | 2013-09-11 | 5.0 MEDIUM | N/A |
| The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information. | |||||