Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4600 | 1 Alkacon | 1 Opencms | 2013-08-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html. | |||||
CVE-2013-3253 | 2 Wordpress, Xhanch | 2 Wordpress, My Twitter | 2013-08-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings. | |||||
CVE-2013-0150 | 1 F5 | 2 Big-ip Access Policy Manager, Firepass | 2013-08-12 | 9.3 HIGH | N/A |
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-2013-3544 | | | 2013-08-09 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3544. Reason: This candidate is a duplicate of CVE-2012-3544. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-3544 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2013-3454 | 1 Cisco | 11 Telepresence System 1300, Telepresence System 1300-65, Telepresence System 3000 and 8 more | 2013-08-09 | 10.0 HIGH | N/A |
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | |||||
CVE-2013-4678 | 1 Symantec | 1 Backup Exec | 2013-08-09 | 2.7 LOW | N/A |
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors. | |||||
CVE-2009-4584 | 1 Dbmasters | 1 Db Masters Multimedia Links Directory | 2013-08-08 | 7.5 HIGH | N/A |
admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie. | |||||
CVE-2007-5509 | 1 Oracle | 1 Database Server | 2013-08-08 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06. | |||||
CVE-2007-6062 | 1 Ngircd | 1 Ngircd | 2013-08-06 | 5.0 MEDIUM | N/A |
irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. | |||||
CVE-2013-1610 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2013-08-05 | 6.8 MEDIUM | N/A |
Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. | |||||
CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2013-08-05 | 4.0 MEDIUM | N/A |
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | |||||
CVE-2013-3450 | 1 Cisco | 1 Unified Communications Manager | 2013-08-05 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. | |||||
CVE-2013-3451 | 1 Cisco | 1 Unified Communications Manager | 2013-08-05 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | |||||
CVE-2011-3918 | 1 Google | 1 Android | 2013-08-03 | 7.8 HIGH | N/A |
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application. | |||||
CVE-2011-0277 | 1 Hp | 1 Power Manager | 2013-08-03 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | |||||
CVE-2002-0788 | 1 Pgp | 3 Corporate Desktop, Freeware, Personal Security | 2013-08-02 | 2.1 LOW | N/A |
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information. | |||||
CVE-2013-4652 | 1 Siemens | 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more | 2013-08-01 | 10.0 HIGH | N/A |
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection. | |||||
CVE-2012-3913 | 1 Cisco | 2 Vc240 Network Bullet Camera, Video Surveillance Vc220 Network Dome Camera | 2013-08-01 | 5.0 MEDIUM | N/A |
The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019. | |||||
CVE-2012-5460 | 1 Juniper | 17 Fips Secure Access 4000, Fips Secure Access 4500, Fips Secure Access 6000 and 14 more | 2013-08-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. | |||||
CVE-2013-4651 | 1 Siemens | 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more | 2013-08-01 | 6.6 MEDIUM | N/A |
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. | |||||