Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6521 | 1 Elefantcms | 1 Elefantcms | 2013-01-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. | |||||
| CVE-2011-5254 | 2 Connections Project, Wordpress | 2 Connections, Wordpress | 2013-01-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. | |||||
| CVE-2012-6500 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2013-01-22 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. | |||||
| CVE-2012-6315 | 2013-01-22 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0209. Reason: This candidate is a reservation duplicate of CVE-2013-0209. Notes: All CVE users should reference CVE-2013-0209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2291 | 3 Apple, Emc, Hp | 4 Mac Os X, Avamar, Avamar Plugin and 1 more | 2013-01-21 | 7.2 HIGH | N/A |
| EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack. | |||||
| CVE-2013-0655 | 1 Schneider-electric | 1 Software Update Utility | 2013-01-21 | 9.3 HIGH | N/A |
| The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80. | |||||
| CVE-2013-0656 | 1 Siemens | 2 Simatic Rf-manager, Simatic Rf-manager 2008 | 2013-01-21 | 6.8 MEDIUM | N/A |
| Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2012-4607 | 1 Emc | 1 Networker | 2013-01-20 | 9.3 HIGH | N/A |
| Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data. | |||||
| CVE-2012-5184 | 1 Olivetoast | 1 Documents Pro File Viewer | 2013-01-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5874 | 1 Elite-board | 1 Elite Bulletin Board | 2013-01-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php. | |||||
| CVE-2012-5531 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-01-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5875 | 1 Fireflymediaserver | 1 Firefly Media Server | 2013-01-18 | 5.0 MEDIUM | N/A |
| Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version. | |||||
| CVE-2012-5429 | 2 Cisco, Microsoft | 2 Vpn Client, Windows | 2013-01-17 | 4.6 MEDIUM | N/A |
| The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. | |||||
| CVE-2012-5972 | 1 Specview | 1 Specview | 2013-01-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | |||||
| CVE-2013-0172 | 1 Samba | 1 Samba | 2013-01-17 | 3.5 LOW | N/A |
| Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. | |||||
| CVE-2013-0625 | 1 Adobe | 1 Coldfusion | 2013-01-17 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0629 | 1 Adobe | 1 Coldfusion | 2013-01-17 | 4.3 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0631 | 1 Adobe | 1 Coldfusion | 2013-01-17 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2010-2793 | 1 Redhat | 2 Enterprise Virtualization Manager, Spice-activex | 2013-01-15 | 6.8 MEDIUM | N/A |
| Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function. | |||||
| CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-01-15 | 5.0 MEDIUM | N/A |
| Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | |||||