CVE Daily
← All years

All CVEs — 2013

Page 23/25.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2013-02-13
Medium

CVE-2013-1252

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold an…

CVSS: 4.9 CWE: CWE-362
Read more
Medium

CVE-2013-1251

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold an…

CVSS: 4.9 CWE: CWE-362
Read more
Medium

CVE-2013-1250

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold an…

CVSS: 4.9 CWE: CWE-362
Read more
Medium

CVE-2013-1249

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP…

CVSS: 4.9 CWE: CWE-362
Read more
Medium

CVE-2013-1248

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP…

CVSS: 4.9 CWE: CWE-362
Read more
Critical

CVE-2013-0077

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a medi…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2013-0030

The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted w…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2013-0015

Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2013-1455

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2013-1454

Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mec…

CVSS: 7.5 CWE: CWE-20
Read more
Medium

CVE-2013-0255

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, whic…

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2013-0238

The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2013-0231

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to…

CVSS: 4.9 CWE: CWE-119
Read more
Medium

CVE-2013-0190

The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggerin…

CVSS: 4.9 CWE: CWE-20
Read more
Critical

CVE-2012-6075

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a…

CVSS: 9.3 CWE: CWE-120
Read more
2013-02-12
Critical

CVE-2013-1373

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-1372

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-1370

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-1369

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-1368

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-1367

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-1366

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-1365

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-0647

Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, b…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-0645

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-0642

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-0638

Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, b…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2013-0637

Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, b…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2011-5265

Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum par…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5264

Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_al…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5263

Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-5262

SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-5261

Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5260

Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5259

SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2011-5258

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.p…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-5257

Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2011-5256

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML v…

CVSS: 2.6 CWE: CWE-79
Read more
2013-02-11
High

CVE-2013-1406

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0…

CVSS: 7.2 CWE: CWE-20
Read more
2013-02-08
Critical

CVE-2013-1465

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrat…

CVSS: 9.8 CWE: CWE-502
Read more
Medium

CVE-2013-0262

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable…

CVSS: 4.3 CWE: CWE-22
Read more
Medium

CVE-2013-0242

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-0189

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-0170

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allo…

CVSS: 6.8 CWE: CWE-416
Read more
Medium

CVE-2013-1621

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC pa…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC p…

CVSS: 4.3 CWE: CWE-203
Read more
Medium

CVE-2013-1639

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2013-1638

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2013-1637

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2013-0634

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and be…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-0633

Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2012-4700

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.

CVSS: 9.3 CWE: CWE-119
Read more
2013-02-07
Medium

CVE-2013-1464

Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID p…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-1463

Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML v…

CVSS: 4.3 CWE: CWE-79
Read more
2013-02-06
Medium

CVE-2013-1120

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown v…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2013-1107

The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.

CVSS: 4.0 CWE: CWE-200
Read more
Medium

CVE-2012-5186

Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-3279

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-2294

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2012-2293

Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary…

CVSS: 6.5 CWE: CWE-22
Read more
Medium

CVE-2012-1064

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via u…

CVSS: 4.3 CWE: CWE-79
Read more
2013-02-05
Low

CVE-2013-0218

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows…

CVSS: 2.1 CWE: CWE-200
Read more
Medium

CVE-2012-0874

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and…

CVSS: 6.8 CWE: CWE-287
Read more
Medium

CVE-2011-4575

Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2011-1352

The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

CVSS: 6.9 CWE: CWE-119
Read more
High

CVE-2011-1350

The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a reque…

CVSS: 7.1 CWE: CWE-200
Read more
2013-02-04
Medium

CVE-2013-1471

Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attacke…

CVSS: 4.3 CWE: CWE-79
Read more
2013-02-03
Low

CVE-2013-1590

Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

CVSS: 2.9 CWE: CWE-119
Read more
Low

CVE-2013-1588

Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote…

CVSS: 2.9 CWE: CWE-119
Read more
Low

CVE-2013-1585

epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of ser…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1584

The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, whi…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1583

The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which all…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1581

The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, wh…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1580

The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a posit…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1578

The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the begin…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1577

The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data as…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1575

The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm len…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1574

The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a c…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1573

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits…

CVSS: 2.9 CWE: CWE-20
Read more
Low

CVE-2013-1572

The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not pr…

CVSS: 2.9 CWE: CWE-20
Read more
2013-02-02
Medium

CVE-2013-0214

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the…

CVSS: 5.1 CWE: CWE-352
Read more
Medium

CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME el…

CVSS: 5.1 CWE: CWE-20
Read more
Medium

CVE-2012-6352

The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data.

CVSS: 5.0 CWE: CWE-119
Read more
2013-02-01
Low

CVE-2012-3268

Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Fi…

CVSS: 3.5 CWE: CWE-522
Read more
2013-01-31
Critical

CVE-2013-1591

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resulta…

CVSS: 9.8 CWE: CWE-190
Read more
Critical

CVE-2013-0230

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quot…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5965

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5964

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5963

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5962

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5961

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5960

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5959

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) be…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2012-5958

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) be…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2013-0930

Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.

CVSS: 7.6 CWE: CWE-119
Read more
Medium

CVE-2013-0431

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandb…

CVSS: 5.3 CWE: CWE-693
Read more
Medium

CVE-2013-1113

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue2…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-1112

Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2012-6350

Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecifie…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-6029

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via t…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2012-4832

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for…

CVSS: 1.9 CWE: CWE-200
Read more
Medium

CVE-2012-4819

Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management We…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-0705

InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified inpu…

CVSS: 7.1 CWE: CWE-20
Read more
Medium

CVE-2012-0703

Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites…

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2012-0702

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privi…

CVSS: 4.0 CWE: CWE-287
Read more
Medium

CVE-2012-0203

Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arb…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2012-6530

Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted reques…

CVSS: 7.1 CWE: CWE-119
Read more
High

CVE-2012-6529

Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-6528

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.p…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2012-6527

Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CVSS: 2.6 CWE: CWE-79
Read more
High

CVE-2012-6526

SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-6525

SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2012-6524

SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2012-6523

Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2012-6522

Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of thes…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2011-5255

Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5287

SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2013-01-29
Medium

CVE-2013-0968

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v…

CVSS: 6.8 CWE: CWE-119
Read more
Low

CVE-2013-0964

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locatio…

CVSS: 3.6 CWE: CWE-20
Read more