CVEs from 2013
Total
5,687
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5058 | medium | — | 7.9 | 13y ago | Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,… | |||
| CVE-2013-1662 | medium | — | 7.9 | 13y ago | vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in… | |||
| CVE-2013-4015 | medium | — | 7.9 | 13y ago | Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain p… | |||
| CVE-2013-2171 | medium | — | 7.9 | 13y ago | The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a m… | |||
| CVE-2013-2852 | medium | — | 7.9 | 13y ago | Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain pr… | |||
| CVE-2013-1828 | medium | — | 7.9 | 13y ago | The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users… | |||
| CVE-2013-1775 | medium | — | 7.9 | 13y ago | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by… | |||
| CVE-2013-7057 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitra… | |||
| CVE-2013-3083 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the … | |||
| CVE-2013-3843 | medium | — | 7.8 | 12y ago | Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and pos… | |||
| CVE-2013-7387 | medium | — | 7.8 | 12y ago | Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. | |||
| CVE-2013-2713 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user a… | |||
| CVE-2013-2107 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change… | |||
| CVE-2013-7376 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by r… | |||
| CVE-2013-5748 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that… | |||
| CVE-2013-5954 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via adm… | |||
| CVE-2013-5680 | medium | — | 7.8 | 12y ago | Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code v… | |||
| CVE-2013-4240 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for request… | |||
| CVE-2013-7346 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via… | |||
| CVE-2013-3729 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection… | |||
| CVE-2013-2754 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator ac… | |||
| CVE-2013-6167 | medium | — | 7.8 | 13y ago | Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a pers… | |||
| CVE-2013-6166 | medium | — | 7.8 | 13y ago | Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persist… | |||
| CVE-2013-3098 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for request… | |||
| CVE-2013-4889 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a… | |||
| CVE-2013-6922 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrato… | |||
| CVE-2013-7204 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators… | |||
| CVE-2013-7209 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the… | |||
| CVE-2013-7233 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of a… | |||
| CVE-2013-7102 | medium | — | 7.8 | 13y ago | Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for W… | |||
| CVE-2013-6976 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a passwo… | |||
| CVE-2013-6883 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests … | |||
| CVE-2013-5447 | medium | — | 7.8 | 13y ago | Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. | |||
| CVE-2013-4212 | medium | — | 7.8 | 13y ago | Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b… | |||
| CVE-2013-6937 | medium | — | 7.8 | 13y ago | Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file. | |||
| CVE-2013-4164 | medium | — | 7.8 | 13y ago | Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial o… | |||
| CVE-2013-6852 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative… | |||
| CVE-2013-6826 | medium | — | 7.8 | 13y ago | cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site req… | |||
| CVE-2013-5730 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1… | |||
| CVE-2013-3095 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2013-6797 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication o… | |||
| CVE-2013-6357 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2013-5977 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for… | |||
| CVE-2013-4885 | medium | — | 7.8 | 13y ago | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in … | |||
| CVE-2013-5576 | medium | — | 7.8 | 13y ago | administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended … | |||
| CVE-2013-3540 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows… | |||
| CVE-2013-3963 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, an… | |||
| CVE-2013-3690 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 a… | |||
| CVE-2013-3539 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and pos… | |||
| CVE-2013-5961 | medium | — | 7.8 | 13y ago | Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a… | |||
| CVE-2013-5093 | medium | — | 7.8 | 13y ago | The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a … | |||
| CVE-2013-5696 | medium | — | 7.8 | 13y ago | inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request fo… | |||
| CVE-2013-5672 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2013-5316 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit… | |||
| CVE-2013-4881 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2013-2576 | medium | — | 7.8 | 13y ago | Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file. | |||
| CVE-2013-4949 | medium | — | 7.8 | 13y ago | Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in t… | |||
| CVE-2013-4660 | medium | — | 7.8 | 13y ago | Deserialization Code Execution in js-yaml | |||
| CVE-2013-2760 | medium | — | 7.8 | 13y ago | Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file. | |||
| CVE-2013-0663 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSX… | |||
| CVE-2013-0126 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication o… | |||
| CVE-2013-2492 | medium | — | 7.8 | 13y ago | Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TC… | |||
| CVE-2013-0108 | medium | — | 7.8 | 14y ago | An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M)… | |||
| CVE-2013-1120 | medium | — | 7.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown v… | |||
| CVE-2013-0233 | medium | — | 7.8 | 14y ago | Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing databas… | |||
| CVE-2013-4679 | medium | — | 7.6 | 13y ago | Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interact… | |||
| CVE-2013-4468 | medium | — | 7.5 | 12y ago | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an … | |||
| CVE-2013-4490 | medium | — | 7.5 | 12y ago | The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands … | |||
| CVE-2013-1806 | medium | — | 7.5 | 12y ago | Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to… | |||
| CVE-2013-2143 | medium | — | 7.5 | 12y ago | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by se… | |||
| CVE-2013-2945 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this … | |||
| CVE-2013-2559 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged us… | |||
| CVE-2013-1408 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2… | |||
| CVE-2013-4467 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQ… | |||
| CVE-2013-3961 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter. | |||
| CVE-2013-5015 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Bu… | |||
| CVE-2013-4898 | medium | — | 7.5 | 13y ago | Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file… | |||
| CVE-2013-6872 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action. | |||
| CVE-2013-6366 | medium | — | 7.5 | 13y ago | The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call. | |||
| CVE-2013-5028 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) h… | |||
| CVE-2013-5091 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an inde… | |||
| CVE-2013-3969 | medium | — | 7.5 | 13y ago | The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possi… | |||
| CVE-2013-4882 | medium | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated use… | |||
| CVE-2013-4095 | medium | — | 7.5 | 13y ago | plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a … | |||
| CVE-2013-4094 | medium | — | 7.5 | 13y ago | The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) priv… | |||
| CVE-2013-0143 | medium | — | 7.5 | 13y ago | cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by lev… | |||
| CVE-2013-3522 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the no… | |||
| CVE-2013-3502 | medium | — | 7.5 | 13y ago | monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by lev… | |||
| CVE-2013-1428 | medium | — | 7.5 | 13y ago | Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or po… | |||
| CVE-2013-3240 | medium | — | 7.5 | 13y ago | Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a pa… | |||
| CVE-2013-1899 | medium | — | 7.5 | 13y ago | Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remot… | |||
| CVE-2013-2225 | medium | — | 7.4 | 12y ago | inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. | |||
| CVE-2013-0235 | medium | — | 7.4 | 13y ago | The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, relat… | |||
| CVE-2013-0397 | medium | — | 7.4 | 14y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via u… | |||
| CVE-2013-5045 | medium | — | 7.2 | 13y ago | Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka … | |||
| CVE-2013-1773 | medium | — | 7.2 | 13y ago | Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a … | |||
| CVE-2013-0268 | medium | — | 7.2 | 14y ago | The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrat… | |||
| CVE-2013-5220 | medium | — | 7.1 | 13y ago | goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. | |||
| CVE-2013-1937 | medium | 6.1 | 7.1 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visua… | |||
| CVE-2013-6719 | medium | — | 7.0 | 12y ago | delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary com… |