Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4946 | 1 Bmc | 1 Service Desk Express | 2013-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx. | |||||
| CVE-2013-4951 | 1 Mintboard | 1 Mintboard | 2013-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php. | |||||
| CVE-2013-4952 | 1 Elemata | 1 Elemata Cms | 2013-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-4953 | 1 Topgames | 1 Top Games Script | 2013-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||||
| CVE-2013-3300 | 1 Liftweb | 1 Lift | 2013-07-29 | 4.0 MEDIUM | N/A |
| The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character. | |||||
| CVE-2013-3580 | 1 Trustgo | 1 Antivirus \& Mobile Security | 2013-07-29 | 4.3 MEDIUM | N/A |
| The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero arguments. | |||||
| CVE-2012-6349 | 2 Autonomy, Ibm | 2 Keyview Idol, Lotus Notes | 2013-07-28 | 9.3 HIGH | N/A |
| Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. | |||||
| CVE-2013-1955 | 1 Nashtech | 1 Easy Php Calendar | 2013-07-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3274 | 1 Emc | 2 Avamar Server, Avamar Server Virtual Edition | 2013-07-28 | 9.0 HIGH | N/A |
| EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-3275 | 1 Emc | 2 Avamar Server, Avamar Server Virtual Edition | 2013-07-28 | 4.3 MEDIUM | N/A |
| EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." | |||||
| CVE-2013-3665 | 1 Autodesk | 14 Autocad, Autocad Architecture, Autocad Civil 3d and 11 more | 2013-07-28 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file. | |||||
| CVE-2013-4878 | 2 Linux, Parallels | 3 Linux Kernel, Parallels Plesk Panel, Parallels Small Business Panel | 2013-07-28 | 7.5 HIGH | N/A |
| The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. | |||||
| CVE-2013-4937 | 1 Asus | 14 Dsl-n55u, Dsl-n56u Firmware, Rt-ac66u and 11 more | 2013-07-26 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. | |||||
| CVE-2012-1008 | 1 Officesip | 1 Officesip Server | 2013-07-25 | 5.0 MEDIUM | N/A |
| OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. | |||||
| CVE-2012-6579 | 1 Bestpractical | 1 Request Tracker | 2013-07-25 | 6.4 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address. | |||||
| CVE-2013-3418 | 1 Cisco | 1 Unified Communications Domain Manager | 2013-07-25 | 6.8 MEDIUM | N/A |
| Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. | |||||
| CVE-2012-4680 | 1 Ioserver | 1 Ioserver | 2013-07-25 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI. | |||||
| CVE-2001-1096 | 1 Ibm | 1 Aix | 2013-07-25 | 4.6 MEDIUM | N/A |
| Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code. | |||||
| CVE-2012-4735 | 2013-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581. Reason: This candidate is a duplicate of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581. Notes: All CVE users should reference one or more of CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, and CVE-2012-6581 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-6578 | 1 Bestpractical | 1 Request Tracker | 2013-07-24 | 4.3 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics. | |||||