Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1116 | 1 Cisco | 1 Webex Advanced Recording Format Player | 2013-09-06 | 9.3 HIGH | N/A |
| Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147 and CSCub28383. | |||||
| CVE-2013-1115 | 1 Cisco | 1 Webex Advanced Recording Format Player | 2013-09-06 | 9.3 HIGH | N/A |
| Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109. | |||||
| CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-09-05 | 4.6 MEDIUM | N/A |
| Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | |||||
| CVE-2013-3597 | 1 Searchblox | 1 Searchblox | 2013-09-05 | 5.0 MEDIUM | N/A |
| servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | |||||
| CVE-2013-4272 | 2 Botcha Spam Prevention Project, Drupal | 2 Botcha, Drupal | 2013-09-05 | 4.3 MEDIUM | N/A |
| The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. | |||||
| CVE-2013-3485 | 1 Lulusoftware | 1 Soda Pdf | 2013-09-05 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) api-ms-win-core-localregistry-l1-1-0.dll file in the current working directory. | |||||
| CVE-2012-1901 | 1 Flexcms | 1 Flexcms | 2013-09-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save. | |||||
| CVE-2006-2205 | 1 Netbsd | 1 Netbsd | 2013-09-04 | 2.1 LOW | N/A |
| The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. | |||||
| CVE-2010-4849 | 1 Alibabaclone | 1 Alibaba Clone B2b | 2013-09-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter. | |||||
| CVE-2002-0658 | 1 Ossp | 1 Mm | 2013-09-03 | 6.2 MEDIUM | N/A |
| OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack. | |||||
| CVE-2012-6502 | 1 Microsoft | 1 Internet Explorer | 2013-09-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence. | |||||
| CVE-1999-0353 | 1 Hp | 1 Hp-ux | 2013-09-02 | 9.3 HIGH | N/A |
| rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. | |||||
| CVE-2012-6571 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2013-09-01 | 7.5 HIGH | N/A |
| The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | |||||
| CVE-2011-2486 | 1 Nspluginwrapper | 1 Nspluginwrapper | 2013-08-31 | 5.0 MEDIUM | N/A |
| nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash. | |||||
| CVE-2013-3393 | 1 Cisco | 2 Jabber, Virtualization Experience Media Engine | 2013-08-30 | 5.0 MEDIUM | N/A |
| The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117. | |||||
| CVE-2007-1724 | 1 Reactos | 1 Reactos | 2013-08-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures. | |||||
| CVE-2006-6957 | 1 Docebo | 1 Docebo | 2013-08-30 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different. | |||||
| CVE-2012-5744 | 1 Cisco | 1 Identity Services Engine Software | 2013-08-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904. | |||||
| CVE-2013-1435 | 1 Cacti | 1 Cacti | 2013-08-29 | 7.5 HIGH | N/A |
| (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2007-2613 | 1 Wikkawiki | 1 Wikkawiki | 2013-08-29 | 8.3 HIGH | N/A |
| WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable. | |||||