Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-5289 | 1 Incredimail | 1 Incredimail | 2013-08-27 | 7.5 HIGH | N/A |
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument. | |||||
CVE-2012-6584 | 1 Myrephp | 1 Myre Realty Manager | 2013-08-27 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php. | |||||
CVE-2012-6586 | 1 Myrephp | 1 Myre Vacation Rental | 2013-08-27 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php. | |||||
CVE-2012-6587 | 1 Myrephp | 1 Myre Vacation Rental | 2013-08-27 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login action. | |||||
CVE-2012-6588 | 1 Myrephp | 1 Myre Business Directory | 2013-08-27 | 7.5 HIGH | N/A |
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
CVE-2013-3387 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-27 | 7.8 HIGH | N/A |
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724. | |||||
CVE-2013-3389 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-27 | 7.8 HIGH | N/A |
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114. | |||||
CVE-2013-3390 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-27 | 7.8 HIGH | N/A |
Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158. | |||||
CVE-2013-3369 | 1 Bestpractical | 1 Rt | 2013-08-27 | 6.0 MEDIUM | N/A |
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors. | |||||
CVE-2013-4218 | 1 Intel | 1 Wimax Network Service | 2013-08-27 | 2.1 LOW | N/A |
The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations. | |||||
CVE-2013-3372 | 1 Bestpractical | 1 Rt | 2013-08-27 | 4.3 MEDIUM | N/A |
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
CVE-2013-4216 | 1 Intel | 1 Wimax Network Service | 2013-08-27 | 2.1 LOW | N/A |
The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file. | |||||
CVE-2013-3720 | 2 Feedweb, Wordpress | 2 Feedweb, Wordpress | 2013-08-27 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. | |||||
CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2013-08-26 | 2.1 LOW | N/A |
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||||
CVE-2007-2625 | 1 Aiocp | 1 Aiocp | 2013-08-26 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-4266 | 2013-08-26 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5123. Reason: This candidate is a reservation duplicate of CVE-2013-5123. Notes: All CVE users should reference CVE-2013-5123 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2013-4328 | 2013-08-26 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4238. Reason: This candidate is a duplicate of CVE-2013-4238. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4238 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2012-4464 | 1 Ruby-lang | 1 Ruby | 2013-08-26 | 5.0 MEDIUM | N/A |
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression. | |||||
CVE-2012-1118 | 1 Mantisbt | 1 Mantisbt | 2013-08-26 | 4.3 MEDIUM | N/A |
The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports. | |||||
CVE-2012-1122 | 1 Mantisbt | 1 Mantisbt | 2013-08-26 | 3.6 LOW | N/A |
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project. |