CVEs from 2013
- Total: 5,687
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2113 | medium | — | 7.0 | 13y ago | The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changin… | |||
| CVE-2013-3238 | medium | — | 7.0 | 13y ago | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace fu… | |||
| CVE-2013-2566 | medium | 5.9 | 6.9 | 13y ago | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis… | |||
| CVE-2013-4200 | medium | — | 6.8 | 4y ago | The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows … | |||
| CVE-2013-2182 | medium | — | 6.8 | 12y ago | The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. | |||
| CVE-2013-6492 | medium | — | 6.8 | 13y ago | The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an H… | |||
| CVE-2013-5038 | medium | — | 6.8 | 13y ago | The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | |||
| CVE-2013-2653 | medium | — | 6.8 | 13y ago | security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim. | |||
| CVE-2013-6128 | medium | — | 6.8 | 13y ago | The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers … | |||
| CVE-2013-6127 | medium | — | 6.8 | 13y ago | The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote atta… | |||
| CVE-2013-1651 | medium | — | 6.8 | 13y ago | OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo… | |||
| CVE-2013-2248 | medium | — | 6.8 | 13y ago | Open redirect in Apache Struts | |||
| CVE-2013-2503 | medium | — | 6.8 | 13y ago | Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended… | |||
| CVE-2013-7196 | medium | — | 6.5 | 12y ago | static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[it… | |||
| CVE-2013-6720 | medium | — | 6.5 | 12y ago | Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authent… | |||
| CVE-2013-7108 | medium | — | 6.5 | 13y ago | Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information… | |||
| CVE-2013-5688 | medium | — | 6.5 | 13y ago | Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) i… | |||
| CVE-2013-3763 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-3242 | medium | — | 6.5 | 13y ago | plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use… | |||
| CVE-2013-5039 | medium | — | 6.4 | 13y ago | Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2013-4788 | medium | — | 6.1 | 13y ago | The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it … | |||
| CVE-2013-5962 | medium | — | 6.1 | 13y ago | Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uplo… | |||
| CVE-2013-1414 | medium | — | 6.1 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of … | |||
| CVE-2013-2131 | medium | — | 6.0 | 12y ago | Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdt… | |||
| CVE-2013-6043 | medium | — | 6.0 | 12y ago | The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers… | |||
| CVE-2013-3304 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | |||
| CVE-2013-6796 | medium | — | 6.0 | 12y ago | The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. | |||
| CVE-2013-4727 | medium | — | 6.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | |||
| CVE-2013-3739 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config ac… | |||
| CVE-2013-3982 | medium | — | 6.0 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. | |||
| CVE-2013-3975 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a sear… | |||
| CVE-2013-7382 | medium | — | 6.0 | 12y ago | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to o… | |||
| CVE-2013-1807 | medium | — | 6.0 | 12y ago | PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information v… | |||
| CVE-2013-1604 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | |||
| CVE-2013-2641 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. | |||
| CVE-2013-2619 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. | |||
| CVE-2013-6835 | medium | — | 6.0 | 12y ago | TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail a… | |||
| CVE-2013-7247 | medium | — | 6.0 | 13y ago | cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password ha… | |||
| CVE-2013-5880 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unk… | |||
| CVE-2013-5877 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affe… | |||
| CVE-2013-5795 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers… | |||
| CVE-2013-7097 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. | |||
| CVE-2013-7240 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | |||
| CVE-2013-5211 | medium | — | 6.0 | 13y ago | The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_… | |||
| CVE-2013-6890 | medium | — | 6.0 | 13y ago | denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login n… | |||
| CVE-2013-7190 | medium | — | 6.0 | 13y ago | Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, … | |||
| CVE-2013-7091 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (… | |||
| CVE-2013-6414 | medium | — | 6.0 | 13y ago | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a hea… | |||
| CVE-2013-4474 | medium | — | 6.0 | 13y ago | Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in … | |||
| CVE-2013-6627 | medium | — | 6.0 | 13y ago | net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (… | |||
| CVE-2013-6114 | medium | — | 6.0 | 13y ago | Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subv… | |||
| CVE-2013-6246 | medium | — | 6.0 | 13y ago | The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid do… | |||
| CVE-2013-4295 | medium | — | 6.0 | 13y ago | Apache Shindig PHP Sensitive Information Disclosure | |||
| CVE-2013-4450 | medium | — | 6.0 | 13y ago | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined reque… | |||
| CVE-2013-3827 | medium | — | 6.0 | 13y ago | Path Traversal in Eclipse Mojarra | |||
| CVE-2013-4826 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors… | |||
| CVE-2013-4823 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information … | |||
| CVE-2013-5979 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. | |||
| CVE-2013-2218 | medium | — | 6.0 | 13y ago | Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a… | |||
| CVE-2013-4123 | medium | — | 6.0 | 13y ago | client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | |||
| CVE-2013-4900 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a… | |||
| CVE-2013-1647 | medium | — | 6.0 | 13y ago | Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HT… | |||
| CVE-2013-3597 | medium | — | 6.0 | 13y ago | servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | |||
| CVE-2013-3585 | medium | — | 6.0 | 13y ago | Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file … | |||
| CVE-2013-2160 | medium | — | 6.0 | 13y ago | Missing XML Validation in Apache CXF | |||
| CVE-2013-3319 | medium | — | 6.0 | 13y ago | The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | |||
| CVE-2013-4124 | medium | — | 6.0 | 13y ago | Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (… | |||
| CVE-2013-3724 | medium | — | 6.0 | 13y ago | The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. | |||
| CVE-2013-2765 | medium | — | 6.0 | 13y ago | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request … | |||
| CVE-2013-4098 | medium | — | 6.0 | 13y ago | ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary error-page text via the message parameter. | |||
| CVE-2013-4097 | medium | — | 6.0 | 13y ago | ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error … | |||
| CVE-2013-4093 | medium | — | 6.0 | 13y ago | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/Asyn… | |||
| CVE-2013-4092 | medium | — | 6.0 | 13y ago | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a sess… | |||
| CVE-2013-4615 | medium | — | 6.0 | 13y ago | The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/… | |||
| CVE-2013-3575 | medium | — | 6.0 | 13y ago | hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/front… | |||
| CVE-2013-4074 | medium | — | 6.0 | 13y ago | The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an er… | |||
| CVE-2013-0145 | medium | — | 6.0 | 13y ago | Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request. | |||
| CVE-2013-3336 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | |||
| CVE-2013-1884 | medium | — | 6.0 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval… | |||
| CVE-2013-1847 | medium | — | 6.0 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an … | |||
| CVE-2013-2419 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow… | |||
| CVE-2013-1861 | medium | — | 6.0 | 13y ago | MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers… | |||
| CVE-2013-0332 | medium | — | 6.0 | 13y ago | Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. | |||
| CVE-2013-1402 | medium | — | 6.0 | 14y ago | DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_… | |||
| CVE-2013-0238 | medium | — | 6.0 | 14y ago | The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes… | |||
| CVE-2013-3661 | medium | — | 5.9 | 13y ago | The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Se… | |||
| CVE-2013-6799 | medium | — | 5.7 | 13y ago | Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix f… | |||
| CVE-2013-3630 | medium | — | 5.6 | 13y ago | Moodle Authenticated Spelling Binary Remote Code Execution | |||
| CVE-2013-3239 | medium | — | 5.6 | 13y ago | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename… | |||
| CVE-2013-0722 | medium | — | 5.4 | 14y ago | Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long lin… | |||
| CVE-2013-2586 | medium | — | 5.3 | 12y ago | XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk metho… | |||
| CVE-2013-7389 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid … | |||
| CVE-2013-3082 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgo… | |||
| CVE-2013-2618 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter. | |||
| CVE-2013-3977 | medium | — | 5.3 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. | |||
| CVE-2013-2712 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | |||
| CVE-2013-3514 | medium | — | 5.3 | 12y ago | Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferen… | |||
| CVE-2013-1765 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerr… | |||
| CVE-2013-1804 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php;… | |||
| CVE-2013-7368 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles… |