Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1354 | 2 Joomla, Ternaria | 2 Joomla\!, Com Vjdeo | 2013-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1228 | 1 Minigal | 1 Mg2 | 2013-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action. | |||||
| CVE-2007-3544 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2013-09-07 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. | |||||
| CVE-2013-3742 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-09-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. | |||||
| CVE-2012-5990 | 1 Cisco | 2 Prime Network Control System, Wireless Control System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. | |||||
| CVE-2013-3603 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | |||||
| CVE-2013-3604 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input. | |||||
| CVE-2013-3605 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies. | |||||
| CVE-2013-5706 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) > (greater than) characters that are optional within a browser's HTML implementation, a different issue than CVE-2013-3603. | |||||
| CVE-2013-5708 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 6.8 MEDIUM | N/A |
| Coursemill Learning Management System (LMS) 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605. | |||||
| CVE-2013-3600 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 8.5 HIGH | N/A |
| Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions. | |||||
| CVE-2013-2804 | 1 Softwaretoolbox | 1 Top Server | 2013-09-06 | 7.1 HIGH | N/A |
| The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line. | |||||
| CVE-2013-5698 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2013-09-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106. | |||||
| CVE-2013-1648 | 1 Open-xchange | 1 Open-xchange Server | 2013-09-06 | 3.5 LOW | N/A |
| The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue. | |||||
| CVE-2013-5707 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence, a different issue than CVE-2013-3604. | |||||
| CVE-2013-3602 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter. | |||||
| CVE-2013-3599 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 9.3 HIGH | N/A |
| userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html. | |||||
| CVE-2013-1119 | 1 Cisco | 1 Webex Recording Format Player | 2013-09-06 | 9.3 HIGH | N/A |
| Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka Bug ID CSCuc24503. | |||||
| CVE-2013-1118 | 1 Cisco | 1 Webex Recording Format Player | 2013-09-06 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645. | |||||
| CVE-2013-1117 | 1 Cisco | 1 Webex Recording Format Player | 2013-09-06 | 9.3 HIGH | N/A |
| Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCuc27639. | |||||