CVE Daily
← All years

All CVEs — 2013

Page 5/25.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2013-11-18
Medium

CVE-2013-3030

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers t…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2013-1418

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a deni…

CVSS: 4.3 CWE: CWE-476
Read more
Medium

CVE-2013-6799

Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix f…

CVSS: 4.7 CWE: CWE-119
Read more
High

CVE-2013-4557

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2013-4556

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-4555

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2013-4551

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of ser…

CVSS: 5.7 CWE: CWE-20
Read more
High

CVE-2013-4510

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a r…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2013-4480

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

CVSS: 7.5 CWE: CWE-668
Read more
Medium

CVE-2013-4204

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML vi…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparis…

CVSS: 2.6 CWE: CWE-200
Read more
Medium

CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-1057

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current wo…

CVSS: 4.4 CWE: CWE-20
Read more
2013-11-14
Medium

CVE-2013-6794

Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the proven…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6793

Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) d…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-6226

Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files v…

CVSS: 8.5 CWE: CWE-22
Read more
Medium

CVE-2013-6168

Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-6164

SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2013-6163

Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to vie…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-6058

SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.

CVSS: 7.5 CWE: CWE-89
Read more
2013-11-13
Medium

CVE-2013-6780

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDoma…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6684

The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafte…

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2013-6683

The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed…

CVSS: 6.1 CWE: CWE-20
Read more
Medium

CVE-2013-6682

The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial o…

CVSS: 6.4 CWE: CWE-20
Read more
Medium

CVE-2013-6627

net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-6623

The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather th…

CVSS: 4.3 CWE: CWE-119
Read more
Medium

CVE-2013-6357

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2013-5568

The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, ak…

CVSS: 7.1 CWE: CWE-20
Read more
Medium

CVE-2013-5560

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to ca…

CVSS: 5.4 CWE: CWE-20
Read more
Low

CVE-2013-5453

IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted.

CVSS: 3.5 CWE: CWE-200
Read more
Medium

CVE-2013-5442

Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allow…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2013-5379

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leverag…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-5378

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connection…

CVSS: 3.5 CWE: CWE-79
Read more
Critical

CVE-2013-5330

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2013-5329

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210…

CVSS: 10.0 CWE: CWE-119
Read more
Low

CVE-2013-5326

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allow…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2013-6789

security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2013-3940

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,…

CVSS: 9.3 CWE: CWE-190
Read more
Critical

CVE-2013-3917

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-3916

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-3915

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-3914

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-3912

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-3911

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-3910

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2013-3909

Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "In…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2013-3908

Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2013-3905

Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configura…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2013-3887

The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W…

CVSS: 4.9 CWE: CWE-200
Read more
Medium

CVE-2013-3869

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows R…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2013-2653

security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.

CVSS: 5.8 CWE: CWE-20
Read more
Critical

CVE-2013-1325

Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnera…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-1324

Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) fil…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2013-0082

Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability."

CVSS: 9.3 CWE: CWE-119
Read more
2013-11-12
Medium

CVE-2013-5726

Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform un…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2013-6763

The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corrupt…

CVSS: 6.9 CWE: CWE-119
Read more
Medium

CVE-2013-6122

goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly…

CVSS: 6.9 CWE: CWE-20
Read more
Medium

CVE-2013-4740

goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-sp…

CVSS: 6.9 CWE: CWE-362
Read more
Medium

CVE-2013-4516

The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information…

CVSS: 4.9 CWE: CWE-200
Read more
Medium

CVE-2013-4515

The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information fro…

CVSS: 4.9 CWE: CWE-200
Read more
Medium

CVE-2013-4514

Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveragin…

CVSS: 4.7 CWE: CWE-119
Read more
Medium

CVE-2013-4513

Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other imp…

CVSS: 4.9 CWE: CWE-119
Read more
Medium

CVE-2013-4512

Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other imp…

CVSS: 4.7 CWE: CWE-119
Read more
Critical

CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…

CVSS: 9.3 CWE: CWE-119
Read more
2013-11-09
Low

CVE-2013-3045

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function.

CVSS: 3.5 CWE: CWE-20
Read more
2013-11-08
Medium

CVE-2013-3986

IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.

CVSS: 4.3 CWE: CWE-119
Read more
Medium

CVE-2013-5566

Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Red…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-5565

The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.

CVSS: 4.3 CWE: CWE-119
Read more
High

CVE-2013-5554

Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitr…

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2013-4716

Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-4508

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obta…

CVSS: 7.5 CWE: CWE-326
Read more
Low

CVE-2013-4055

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2013-4051

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2013-4050

Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified vic…

CVSS: 6.0 CWE: CWE-352
Read more
2013-11-06
Medium

CVE-2013-5563

Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTM…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-5562

The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-5387

Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request d…

CVSS: 4.3 CWE: CWE-119
Read more
High

CVE-2013-4715

SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2013-4714

Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web s…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-3906

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remo…

CVSS: 7.8 CWE: CWE-94
Read more
Critical

CVE-2013-3626

Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a cr…

CVSS: 9.3 CWE: CWE-22
Read more
Medium

CVE-2013-3286

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-3281

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7…

CVSS: 4.3 CWE: CWE-79
Read more
2013-11-05
Medium

CVE-2013-5688

Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) i…

CVSS: 5.5 CWE: CWE-22
Read more
Medium

CVE-2012-4503

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2013-6618

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary…

CVSS: 9.0 CWE: CWE-20
Read more
Medium

CVE-2013-5695

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-5694

SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2013-4453

Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-3263

Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-6172

steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2013-5670

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-4438

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to…

CVSS: 7.5 CWE: CWE-94
Read more
Critical

CVE-2013-4436

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle…

CVSS: 9.3 CWE: CWE-20
Read more
Medium

CVE-2013-4435

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rou…

CVSS: 6.0 CWE: CWE-287
Read more
Medium

CVE-2011-5267

Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to in…

CVSS: 4.3 CWE: CWE-79
Read more
2013-11-04
Medium

CVE-2013-6366

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.

CVSS: 6.5 CWE: CWE-94
Read more
Medium

CVE-2013-6340

epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-6339

The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial o…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-6338

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which all…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-6336

The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2013-5564

The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, a…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-5561

The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2013-5559

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2013-6114

Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subv…

CVSS: 5.0 CWE: CWE-190
Read more
Medium

CVE-2013-2058

The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service…

CVSS: 4.7 CWE: CWE-119
Read more
2013-11-02
High

CVE-2013-6349

McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS: 8.5 CWE: CWE-94
Read more
Medium

CVE-2013-6348

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-6111

Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 throug…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2013-6023

Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.

CVSS: 7.8 CWE: CWE-22
Read more
Medium

CVE-2013-6347

Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.

CVSS: 6.8 CWE: CWE-287
Read more
Medium

CVE-2013-6346

Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified vic…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2013-6344

The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2013-4416

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.

CVSS: 5.2 CWE: CWE-119
Read more
Medium

CVE-2013-4282

Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not b…

CVSS: 6.0 CWE: CWE-94
Read more
Medium

CVE-2013-1084

Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot do…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2013-6075

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon…

CVSS: 5.0 CWE: CWE-119
Read more
Medium

CVE-2013-4494

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of…

CVSS: 5.2 CWE: CWE-20
Read more
Medium

CVE-2013-4457

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.

CVSS: 6.8 CWE: CWE-78
Read more