Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-4483 | 1 Iatek | 1 Siteenable | 2013-08-29 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. | |||||
CVE-2013-5648 | 1 Id | 2 Id-software, Libdigidoc | 2013-08-29 | 6.8 MEDIUM | N/A |
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file. | |||||
CVE-2013-5647 | 2 Adam Zaninovich, Ruby-lang | 2 Sounder, Ruby | 2013-08-29 | 7.5 HIGH | N/A |
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2013-5646 | 1 Roundcube | 1 Webmail | 2013-08-29 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group. | |||||
CVE-2013-4274 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2013-08-29 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. | |||||
CVE-2013-4139 | 2 Drupal, Stage File Proxy Project | 2 Drupal, Stage File Proxy | 2013-08-29 | 5.0 MEDIUM | N/A |
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. | |||||
CVE-2013-2800 | 1 Osisoft | 1 Pi Interface | 2013-08-29 | 5.0 MEDIUM | N/A |
The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage) via crafted C37.118 configuration packets. | |||||
CVE-2013-3453 | 1 Cisco | 2 Unified Communications Manager, Unified Presence | 2013-08-29 | 7.8 HIGH | N/A |
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | |||||
CVE-2013-3586 | 1 Samsung | 2 Dvr, Smart Viewer | 2013-08-29 | 7.6 HIGH | N/A |
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | |||||
CVE-2013-2782 | 1 Schneider-electric | 2 Tburjr900, Tburjr900 Firmware | 2013-08-29 | 9.3 HIGH | N/A |
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
CVE-2013-3583 | 1 Corporater | 1 Epm Suite | 2013-08-29 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords. | |||||
CVE-2013-2176 | 1 Redhat | 1 Enterprise Virtualization | 2013-08-29 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application. | |||||
CVE-2013-0232 | 1 Zoneminder | 1 Zoneminder | 2013-08-28 | 7.5 HIGH | N/A |
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function. | |||||
CVE-2012-2671 | 1 Rtomayko | 1 Rack-cach | 2013-08-27 | 7.5 HIGH | N/A |
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache. | |||||
CVE-2011-1848 | 1 Hp | 1 Intelligent Management Center | 2013-08-27 | 10.0 HIGH | N/A |
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet. | |||||
CVE-2010-5020 | 1 Netartmedia | 1 Iboutique | 2013-08-27 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
CVE-2009-4456 | 1 Greendesktiny | 1 Green Desktiny | 2013-08-27 | 7.5 HIGH | N/A |
SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2013-08-27 | 2.1 LOW | N/A |
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | |||||
CVE-2007-1523 | 1 Netbsd | 1 Netbsd | 2013-08-27 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versions of FreeBSD and OpenBSD, and possibly other BSD derived operating systems allows local users to have an unknown impact. NOTE: this information is based upon a vague pre-advisory with no actionable information. Details will be updated after 20070329. | |||||
CVE-2012-4733 | 1 Bestpractical | 1 Rt | 2013-08-27 | 6.0 MEDIUM | N/A |
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | |||||