VIR Vulnerability Intelligence Relay

Search

Found 2,911 results in 478ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-4095 medium 7.5 EXP imperva 13y ago plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a …
CVE-2013-4094 medium 7.5 EXP imperva 13y ago The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) priv…
CVE-2013-4093 medium 6.0 EXP imperva 13y ago The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/Asyn…
CVE-2013-4092 medium 6.0 EXP imperva 13y ago The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a sess…
CVE-2013-4660 medium 7.8 EXP nodeca 13y ago Deserialization Code Execution in js-yaml
CVE-2013-4615 medium 6.0 EXP 13y ago The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/…
CVE-2013-4614 low 3.1 EXP 13y ago English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physicall…
CVE-2012-6568 medium 7.9 EXP huawei 13y ago Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file.
CVE-2012-4960 medium 7.5 EXP 13y ago The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S37…
CVE-2013-3575 medium 6.0 EXP hp 13y ago hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/front…
CVE-2013-4074 medium 6.0 EXPFIX debian debiansuse suse wireshark 13y ago The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an er…
CVE-2013-0143 medium 7.5 EXP qnap 13y ago cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by lev…
CVE-2013-2852 medium 7.9 EXPFIX debian debianubuntu ubuntu linux-kernel 13y ago Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain pr…
CVE-2013-3661 medium 5.9 EXP windows windows 13y ago The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Se…
CVE-2011-4520 medium 5.3 EXP microsys 13y ago Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519 medium 5.3 EXP microsys 13y ago Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518 medium 6.0 EXP microsys 13y ago Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6559 medium 5.3 EXP freenac 13y ago Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type pa…
CVE-2012-6557 medium 5.3 EXP zodiacdmvanillaforums 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) Abou…
CVE-2012-6556 medium 5.3 EXP jspautsch 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (…
CVE-2012-6555 medium 5.3 EXP vanillaforums 13y ago Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
CVE-2012-6554 medium 7.5 EXP a51dev 13y ago functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag,…
CVE-2013-0145 medium 6.0 EXP vercot 13y ago Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
CVE-2013-1670 medium 5.3 EXP mozilla 13y ago The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acqui…
CVE-2013-3538 medium 5.3 EXP wesley_destailleur 13y ago Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
CVE-2013-3535 medium 5.3 EXP themelogik 13y ago Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title…
CVE-2013-3529 medium 5.3 EXP smartypantspluginswordpress 13y ago Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1…
CVE-2013-3526 medium 5.3 EXP wptrafficanalyzerwordpress 13y ago Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTM…
CVE-2013-3522 medium 7.5 EXP vbulletin 13y ago SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the no…
CVE-2013-3336 medium 6.0 EXP adobe 13y ago Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
CVE-2013-3502 medium 7.5 EXP gwos 13y ago monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by lev…
CVE-2013-3242 medium 6.5 EXP joomla 13y ago plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use…
CVE-2013-1959 low 4.7 EXPFIX debian debian linux-kernel 13y ago kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a …
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2009-5029 medium 7.8 EXPFIX debian debian gnu 13y ago Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone …
CVE-2009-5135 medium 6.0 EXP nextapp 13y ago The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity re…
CVE-2013-1428 medium 7.5 EXPFIX debian debian tinc-vpn 13y ago Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or po…
CVE-2013-3241 medium 5.0 EXPFIX debian debian phpmyadmin 13y ago export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users t…
CVE-2013-3240 medium 7.5 EXPFIX debian debian phpmyadmin 13y ago Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a pa…
CVE-2013-3239 medium 5.6 EXPFIX debian debian phpmyadmin 13y ago phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename…
CVE-2013-3238 medium 7.0 EXPFIX debian debian phpmyadmin 13y ago phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace fu…
CVE-2013-2419 medium 6.0 EXPFIX debian debian oraclesun 13y ago Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow…
CVE-2013-2416 medium 5.3 EXP oracle 13y ago Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployme…
CVE-2013-1559 medium 5.0 EXP oracle 13y ago Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors …
CVE-2013-1509 medium 5.0 EXP oracle 13y ago Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vecto…
CVE-2013-2760 medium 7.8 EXP bestwebsharing 13y ago Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file.
CVE-2013-1937 medium 6.1 7.1 EXPFIX debian debian phpmyadmin 13y ago Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visua…
CVE-2013-0125 medium 5.3 EXP c2enterprise 13y ago Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter.
CVE-2013-1899 medium 7.5 EXP ubuntu ubuntu postgresql 13y ago Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remot…
CVE-2013-0663 medium 7.8 EXP 13y ago Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSX…
CVE-2012-1038 medium 5.3 EXP juniper 13y ago Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5…
CVE-2012-6550 medium 5.3 EXP debian debian zeroclipboard_project 13y ago Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vu…
CVE-2012-6534 medium 5.3 EXP novell 13y ago Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to create data retention policies via a crafted text/x-gwt-rpc request to novelllogmanager/datastorageservice.rpc, and allows remote…
CVE-2013-1861 medium 6.0 EXP ubuntu ubuntudebian debian rhel mariadboracle 13y ago MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers…
CVE-2013-2501 medium 5.3 EXP terillionwordpress 13y ago Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
CVE-2013-1828 medium 7.9 EXPFIX linux-kerneldebian debian 13y ago The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users…
CVE-2013-0126 medium 7.8 EXP 13y ago Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication o…
CVE-2013-0332 medium 6.0 EXPFIX debian debian zoneminder 13y ago Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
CVE-2013-2492 medium 7.8 EXP firebirdsql 13y ago Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TC…
CVE-2013-2566 medium 5.9 6.9 EXP ubuntu ubuntu oraclemozilla 13y ago The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis…
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2013-1469 medium 5.0 EXP piwigo 13y ago Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
CVE-2013-2503 medium 6.8 EXPFIX slesdebian debian privoxy 13y ago Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended…
CVE-2013-1775 medium 7.9 EXPFIX macos macosdebian debian todd_miller 13y ago sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by…
CVE-2013-1773 medium 7.2 EXPFIX debian debian linux-kernel rhel 14y ago Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a …
CVE-2012-5337 medium 5.3 EXP jforum 14y ago Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4…
CVE-2013-0108 medium 7.8 EXP honeywell 14y ago An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M)…
CVE-2012-6274 medium 6.0 EXP bigantsoft 14y ago BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
CVE-2012-6533 medium 5.4 EXP windows windows symantec 14y ago Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
CVE-2012-5375 medium 5.0 EXPFIX debian debian linux-kernel 14y ago The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a…
CVE-2013-0268 medium 7.2 EXPFIX linux-kerneldebian debian 14y ago The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrat…
CVE-2013-0160 low 3.1 EXPFIX debian debian linux-kernel 14y ago The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
CVE-2012-4530 low 3.1 EXPFIX linux-kerneldebian debian 14y ago The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory v…
CVE-2013-1402 medium 6.0 EXP digitiliti 14y ago DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_…
CVE-2013-1114 medium 5.3 EXP cisco 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
CVE-2013-0238 medium 6.0 EXPFIX debian debian ircd-hybrid 14y ago The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes…
CVE-2011-5265 medium 5.3 EXP featurific_for_wordpress_projectwordpress 14y ago Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum par…
CVE-2011-5261 medium 5.3 EXP 14y ago Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the …
CVE-2011-5259 medium 7.8 EXP orangehrm 14y ago SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-5258 medium 5.3 EXP orangehrm 14y ago Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.p…
CVE-2011-5257 medium 5.3 EXP appthemeswordpress 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter …
CVE-2012-2686 medium 6.0 EXPFIX debian debian openssl 14y ago crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application cr…
CVE-2013-1464 medium 5.3 EXP doryphoreswordpress 14y ago Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID p…
CVE-2013-1463 medium 5.3 EXP wp-table_reloaded_project 14y ago Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML v…
CVE-2013-1120 medium 7.8 EXP cisco 14y ago Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown v…
CVE-2012-0874 medium 7.8 EXP redhat 14y ago The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and …
CVE-2013-1471 medium 5.3 EXP fortinet 14y ago Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attacke…
CVE-2012-6528 medium 5.3 EXP atutor 14y ago Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.p…
CVE-2012-6523 medium 5.3 EXP w-cms 14y ago Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or …
CVE-2012-6522 medium 6.0 EXP w-cms 14y ago Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of thes…
CVE-2013-1451 medium 5.0 EXP microsoft 14y ago Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent…
CVE-2013-0233 medium 7.8 EXPFIX suse susedebian debian plataformatecruby-lang 14y ago Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing databas…
CVE-2013-0653 medium 5.3 EXP ge 14y ago Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPL…
CVE-2012-6276 medium 5.3 EXP 14y ago Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitr…
CVE-2012-6272 medium 5.3 EXP dell 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic p…
CVE-2012-6518 medium 7.8 EXP diy-cms 14y ago Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to t…
CVE-2012-6517 medium 5.3 EXP diy-cms 14y ago Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) ques…
CVE-2012-6513 medium 5.3 EXP gpeasy 14y ago Cross-site scripting (XSS) vulnerability in index.php/Admin_Preferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter.
CVE-2012-6510 medium 5.3 EXP netartmedia 14y ago Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting…