All CVEs — 2020 (Page 121/122)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2020-01-06

High

CVE-2020-5515

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.

CVSS: 7.2 CWE: CWE-89

Critical

CVE-2020-5514

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.

CVSS: 9.1 CWE: CWE-434

Medium

CVE-2015-4039

Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile…

CVSS: 5.4 CWE: CWE-79

High

CVE-2020-5840

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2019-9472

In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User i…

CVSS: 5.5 CWE: CWE-203

Medium

CVE-2019-9471

In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. Us…

CVSS: 6.7 CWE: CWE-787

Medium

CVE-2019-9470

In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User…

CVSS: 6.7 CWE: CWE-787

High

CVE-2019-9469

In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…

CVSS: 7.8 CWE: CWE-787

High

CVE-2019-9468

In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User in…

CVSS: 7.8 CWE: CWE-415

Critical

CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the…

CVSS: 9.1 CWE: CWE-436

Medium

CVE-2019-15603

The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-15602

The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2016-11017

The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a…

CVSS: 9.8 CWE: CWE-78

Critical

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an execut…

CVSS: 9.8 CWE: CWE-94

Critical

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.

CVSS: 9.8 CWE: CWE-20

Medium

CVE-2019-15999

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Applicatio…

CVSS: 6.3 CWE: CWE-284

High

CVE-2019-15985

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected…

CVSS: 7.2 CWE: CWE-89

High

CVE-2019-15984

CVSS: 7.2 CWE: CWE-89

Medium

CVE-2019-15983

A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To e…

CVSS: 4.9 CWE: CWE-611

High

CVE-2019-15982

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct…

CVSS: 7.2 CWE: CWE-22

High

CVE-2019-15981

CVSS: 7.2 CWE: CWE-22

High

CVE-2019-15980

CVSS: 7.2 CWE: CWE-22

High

CVE-2019-15979

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM applic…

CVSS: 7.2 CWE: CWE-78

High

CVE-2019-15978

CVSS: 7.2 CWE: CWE-78

High

CVE-2019-15977

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary ac…

CVSS: 7.5 CWE: CWE-798

Critical

CVE-2019-15976

CVSS: 9.8 CWE: CWE-798

Critical

CVE-2019-15975

CVSS: 9.8 CWE: CWE-798

High

CVE-2019-5990

Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allow remote attackers to obtain a login password via HTTP referer.

CVSS: 7.5 CWE: CWE-522

Medium

CVE-2019-5989

DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Ob…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-5988

Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Pag…

CVSS: 6.1 CWE: CWE-79

High

CVE-2019-5987

Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page.

CVSS: 8.8 CWE: CWE-78

Medium

CVE-2019-20354

The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=..…

CVSS: 4.3 CWE: CWE-22

High

CVE-2019-20352

In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.

CVSS: 7.1 CWE: CWE-125

High

CVE-2020-5192

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's dat…

CVSS: 8.8 CWE: CWE-89

Medium

CVE-2020-5191

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-19265

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-19266

IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.

CVSS: 5.4 CWE: CWE-79

2020-01-05

Medium

CVE-2020-5306

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.

CVSS: 4.8 CWE: CWE-79

Medium

CVE-2020-5305

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.

CVSS: 4.8 CWE: CWE-79

High

CVE-2019-20155

An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulti…

CVSS: 8.8 CWE: CWE-94

Medium

CVE-2019-20154

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attack…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-20153

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload…

CVSS: 4.9 CWE: CWE-611

Medium

CVE-2019-20077

The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this…

CVSS: 4.3 CWE: CWE-352

High

CVE-2019-20004

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client…

CVSS: 8.8 CWE: CWE-640

High

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.

CVSS: 7.2 CWE: CWE-89

Medium

CVE-2019-20336

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.

CVSS: 6.1 CWE: CWE-79

High

CVE-2019-19911

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit…

CVSS: 7.5 CWE: CWE-190

Critical

CVE-2019-19628

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities u…

CVSS: 9.8 CWE: CWE-22

High

CVE-2019-19314

GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.

CVSS: 7.5 CWE: CWE-312

High

CVE-2019-19313

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.

CVSS: 7.5 CWE: CWE-755

2020-01-04

Medium

CVE-2019-20334

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (a…

CVSS: 5.5 CWE: CWE-674

Medium

CVE-2015-9540

Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.

CVSS: 6.1 CWE: CWE-601

Medium

CVE-2020-5497

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be ex…

CVSS: 6.1 CWE: CWE-79

2020-01-03

Medium

CVE-2019-5846

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-787

Medium

CVE-2019-5845

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-787

Medium

CVE-2019-5844

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-787

Medium

CVE-2019-3768

RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause informat…

CVSS: 6.5 CWE: CWE-611

Medium

CVE-2019-13766

Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-416

Medium

CVE-2019-13765

Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 6.5 CWE: CWE-416

High

CVE-2020-5496

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.

CVSS: 8.8 CWE: CWE-787

Medium

CVE-2019-9542

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject ar…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-9541

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos A…

CVSS: 6.1 CWE: CWE-200

Medium

CVE-2019-9540

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitra…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-9539

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inj…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-9538

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-9537

: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject ar…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2014-8516

Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unsp…

CVSS: 9.8 CWE: CWE-434

High

CVE-2020-5395

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.

CVSS: 8.8 CWE: CWE-416

Critical

CVE-2014-8337

Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an e…

CVSS: 9.8 CWE: CWE-434

Medium

CVE-2014-5516

Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for req…

CVSS: 6.5 CWE: CWE-352

High

CVE-2014-5140

The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct S…

CVSS: 8.8 CWE: CWE-89

Medium

CVE-2014-4196

Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2014-10398

Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2012-5878

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or…

CVSS: 9.8 CWE: CWE-78

High

CVE-2012-5693

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2)…

CVSS: 8.8 CWE: CWE-78

Critical

CVE-2019-11994

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack…

CVSS: 9.8 CWE: CWE-22

High

CVE-2019-5064

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, re…

CVSS: 8.8 CWE: CWE-120

High

CVE-2019-5063

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multip…

CVSS: 8.8 CWE: CWE-120

Medium

CVE-2019-19310

GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.

CVSS: 4.9 CWE: CWE-522

Medium

CVE-2019-19263

GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.

CVSS: 4.3 CWE: CWE-732

Medium

CVE-2019-19262

GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.

CVSS: 4.3 CWE: CWE-732

High

CVE-2019-19261

GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.

CVSS: 8.8 CWE: CWE-918

Medium

CVE-2019-19259

GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).

CVSS: 4.3 CWE: CWE-639

Medium

CVE-2019-19256

GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\Pub…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2019-19254

GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.

CVSS: 5.3 CWE: CWE-200

Critical

CVE-2019-19088

Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.

CVSS: 9.8 CWE: CWE-22

Medium

CVE-2019-19087

Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).

CVSS: 4.3 CWE: CWE-732

Medium

CVE-2019-19086

Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).

CVSS: 4.3 CWE: CWE-732

High

CVE-2019-5304

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation…

CVSS: 7.5 CWE: CWE-120

Critical

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

CVSS: 9.8 CWE: CWE-502

High

CVE-2020-5313

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

CVSS: 7.1 CWE: CWE-125

Critical

CVE-2020-5312

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

CVSS: 9.8 CWE: CWE-120

Critical

CVE-2020-5311

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

CVSS: 9.8 CWE: CWE-120

High

CVE-2020-5310

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

CVSS: 8.8 CWE: CWE-190

High

CVE-2019-20329

OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000.

CVSS: 8.1 CWE: CWE-346

2020-01-02

Critical

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented with…

CVSS: 9.8 CWE: CWE-502

High

CVE-2014-8182

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with cra…

CVSS: 7.5 CWE: CWE-193

Medium

CVE-2014-6275

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it…

CVSS: 5.9 CWE: CWE-200

Medium

CVE-2013-1642

Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5)…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2013-1420

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2013-0737

Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2014-3590

Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted c…

CVSS: 6.5 CWE: CWE-352

Medium

CVE-2014-0245

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where S…

CVSS: 5.9 CWE: CWE-362

Medium

CVE-2014-0183

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2014-0169

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to acc…

CVSS: 6.5 CWE: CWE-863

Critical

CVE-2014-0011

Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vn…

CVSS: 9.8 CWE: CWE-787

Medium

CVE-2013-7351

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDail…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2013-3941

Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a…

CVSS: 9.8 CWE: CWE-787

High

CVE-2013-3939

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a R…

CVSS: 7.8 CWE: CWE-787

High

CVE-2013-3937

Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.

CVSS: 7.8 CWE: CWE-787

High

CVE-2013-3932

SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands vi…

CVSS: 8.8 CWE: CWE-89

Medium

CVE-2013-3931

Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web…

CVSS: 5.4 CWE: CWE-79

High

CVE-2013-3247

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.

CVSS: 7.8 CWE: CWE-787

High

CVE-2013-3246

Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.

CVSS: 7.8 CWE: CWE-787

Medium

CVE-2014-4553

Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2013-7486

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or H…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2013-7485

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or H…

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2013-7062

Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote a…

CVSS: 6.1 CWE: CWE-79