CVE Daily
← All years

All CVEs — 2013

Page 3/25.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2013-12-10
Medium

CVE-2013-5447

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.

CVSS: 6.8 CWE: CWE-119
Read more
High

CVE-2013-4408

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote…

CVSS: 8.3 CWE: CWE-119
Read more
2013-12-09
Medium

CVE-2013-7027

The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow at…

CVSS: 6.1 CWE: CWE-119
Read more
Medium

CVE-2013-7026

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via…

CVSS: 4.7 CWE: CWE-362
Read more
Medium

CVE-2013-6427

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary co…

CVSS: 6.8 CWE: CWE-94
Read more
Low

CVE-2013-4270

The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restri…

CVSS: 3.6 CWE: CWE-20
Read more
High

CVE-2013-6985

SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2013-6039

Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-5355

Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settin…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2013-5354

Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup.

CVSS: 7.5 CWE: CWE-89
Read more
Low

CVE-2013-3929

Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script…

CVSS: 2.1 CWE: CWE-79
Read more
Low

CVE-2013-7025

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2013-7024

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of s…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7023

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7022

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of servic…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7019

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array…

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2013-7018

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7016

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array a…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7015

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bo…

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2013-7012

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bound…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7011

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array ac…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-7009

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attachin…

CVSS: 5.8 CWE: CWE-287
Read more
High

CVE-2013-4376

The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-d…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2011-4351

Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2011-3941

The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers…

CVSS: 7.5 CWE: CWE-119
Read more
2013-12-07
Medium

CVE-2013-7001

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 o…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-7000

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection.

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-6389

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS: 5.8 CWE: CWE-20
Read more
Medium

CVE-2013-6385

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…

CVSS: 5.1 CWE: CWE-94
Read more
Critical

CVE-2013-0857

The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2013-0856

The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_s…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2013-0854

The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2013-0852

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array acc…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-0851

The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-boun…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-0850

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-0849

The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multi…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2013-0848

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and th…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-0847

The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-0846

Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2013-0845

libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/selec…

CVSS: 4.3 CWE: CWE-22
Read more
Low

CVE-2013-4558

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversio…

CVSS: 3.5 CWE: CWE-20
Read more
Medium

CVE-2013-4479

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2013-4478

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2013-4446

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support t…

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2013-4212

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2013-4171

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6707

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol manag…

CVSS: 4.3 CWE: CWE-772
Read more
Critical

CVE-2013-6920

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP tr…

CVSS: 10.0 CWE: CWE-287
Read more
High

CVE-2013-6640

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of servi…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-6639

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of servi…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-6638

Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified o…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2013-6636

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows…

CVSS: 6.8 CWE: CWE-287
Read more
Medium

CVE-2013-6416

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6415

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote atta…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6414

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a hea…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2013-4492

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationDa…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-4491

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allo…

CVSS: 4.3 CWE: CWE-79
Read more
2013-12-05
Medium

CVE-2013-6804

Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6787

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remo…

CVSS: 6.0 CWE: CWE-89
Read more
Medium

CVE-2013-6395

Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI,…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-6341

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2013-6267

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cid…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-5108

Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the log…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-3921

Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2013-6916

Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitr…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2013-6915

Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-6914

Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-6913

Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-6912

Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web s…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-6911

Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrar…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2013-6910

Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6909

Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6908

Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6907

Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6906

Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6905

Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6904

Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML v…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6903

Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HT…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6902

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6901

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vect…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6900

Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2013-6003

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vect…

CVSS: 3.5 CWE: CWE-20
Read more
Medium

CVE-2013-6001

SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2013-6000

Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request.

CVSS: 5.0 CWE: CWE-22
Read more
2013-12-04
Medium

CVE-2013-2825

The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and commun…

CVSS: 4.3 CWE: CWE-20
Read more
High

CVE-2013-6936

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) too…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2013-6935

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2013-6702

The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-6029

Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-5449

Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6937

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.

CVSS: 6.8 CWE: CWE-119
Read more
2013-12-03
Medium

CVE-2013-6705

The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka B…

CVSS: 6.1 CWE: CWE-20
Read more
High

CVE-2013-6703

The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787.

CVSS: 7.1 CWE: CWE-20
Read more
Medium

CVE-2013-6690

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unsp…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2012-6150

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which all…

CVSS: 3.6 CWE: CWE-20
Read more
2013-12-02
High

CVE-2013-6696

Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via…

CVSS: 7.1 CWE: CWE-20
Read more
Critical

CVE-2012-6535

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…

CVSS: 9.3 CWE: CWE-94
Read more
High

CVE-2012-0426

Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ dir…

CVSS: 7.2 CWE: CWE-362
Read more
High

CVE-2012-0425

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive informat…

CVSS: 7.8 CWE: CWE-200
Read more
Medium

CVE-2012-0414

Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an imag…

CVSS: 4.3 CWE: CWE-79
Read more
2013-12-01
Medium

CVE-2013-3707

The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_s…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-2818

The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over…

CVSS: 4.7 CWE: CWE-20
Read more
2013-11-29
Medium

CVE-2013-6791

Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection…

CVSS: 4.3 CWE: CWE-200
Read more
Low

CVE-2013-6307

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-5448

Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary w…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2013-6706

The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP he…

CVSS: 5.4 CWE: CWE-20
Read more
Medium

CVE-2013-6700

The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.

CVSS: 5.0 CWE: CWE-20
Read more
2013-11-28
Medium

CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of servi…

CVSS: 5.0 CWE: CWE-119
Read more
Low

CVE-2013-6322

Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject ar…

CVSS: 3.5 CWE: CWE-79
Read more
Critical

CVE-2013-5912

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.

CVSS: 10.0 CWE: CWE-94
Read more
2013-11-27
High

CVE-2013-5957

Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL comm…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2013-4624

Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.js…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-4617

Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via…

CVSS: 5.0 CWE: CWE-200
Read more
Low

CVE-2013-3920

Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2013-6382

Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by…

CVSS: 4.0 CWE: CWE-119
Read more