CVEs from 2013
Total
5,687
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6787 | medium | — | 7.0 | 13y ago | SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remo… | |||
| CVE-2013-3631 | medium | — | 7.0 | 13y ago | NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not b… | |||
| CVE-2013-1892 | medium | — | 7.0 | 13y ago | MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (inv… | |||
| CVE-2013-2121 | medium | — | 7.0 | 13y ago | Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary c… | |||
| CVE-2013-2113 | medium | — | 7.0 | 13y ago | The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changin… | |||
| CVE-2013-3238 | medium | — | 7.0 | 13y ago | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace fu… | |||
| CVE-2013-6123 | medium | — | 6.9 | 13y ago | Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions fo… | |||
| CVE-2013-3878 | medium | — | 6.9 | 13y ago | Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port … | |||
| CVE-2013-6840 | medium | — | 6.9 | 13y ago | Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. | |||
| CVE-2013-6383 | medium | — | 6.9 | 13y ago | The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restr… | |||
| CVE-2013-6381 | medium | — | 6.9 | 13y ago | Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified … | |||
| CVE-2013-6689 | medium | — | 6.9 | 13y ago | Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line … | |||
| CVE-2013-6763 | medium | — | 6.9 | 13y ago | The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corrupt… | |||
| CVE-2013-6122 | medium | — | 6.9 | 13y ago | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly… | |||
| CVE-2013-4740 | medium | — | 6.9 | 13y ago | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-sp… | |||
| CVE-2013-4511 | medium | — | 6.9 | 13y ago | Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequen… | |||
| CVE-2013-4470 | medium | — | 6.9 | 13y ago | The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corr… | |||
| CVE-2013-5781 | medium | — | 6.9 | 13y ago | Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running Sun System Firmware before 8.3.0.b allows local users to affect confidentiality, integrity, and availability via vectors related… | |||
| CVE-2013-5419 | medium | — | 6.9 | 13y ago | Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. | |||
| CVE-2013-4327 | medium | — | 6.9 | 13y ago | systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race con… | |||
| CVE-2013-4291 | medium | — | 6.9 | 13y ago | The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to… | |||
| CVE-2013-5933 | medium | — | 6.9 | 13y ago | Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or c… | |||
| CVE-2013-5373 | medium | — | 6.9 | 13y ago | The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by ap… | |||
| CVE-2013-4777 | medium | — | 6.9 | 13y ago | A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local us… | |||
| CVE-2013-4343 | medium | — | 6.9 | 13y ago | Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap i… | |||
| CVE-2013-1060 | medium | — | 6.9 | 13y ago | A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd direc… | |||
| CVE-2013-5691 | medium | — | 6.9 | 13y ago | The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows … | |||
| CVE-2013-4325 | medium | — | 6.9 | 13y ago | The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local user… | |||
| CVE-2013-2297 | medium | — | 6.9 | 13y ago | Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspe… | |||
| CVE-2013-5740 | medium | — | 6.9 | 13y ago | Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C20… | |||
| CVE-2013-3862 | medium | — | 6.9 | 13y ago | Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Ser… | |||
| CVE-2013-3859 | medium | — | 6.9 | 13y ago | Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet … | |||
| CVE-2013-4169 | medium | — | 6.9 | 13y ago | GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | |||
| CVE-2013-3485 | medium | — | 6.9 | 13y ago | Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) api-ms-win-core-localregistry-l1-1-0.dll file in… | |||
| CVE-2013-4254 | medium | — | 6.9 | 13y ago | The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dere… | |||
| CVE-2013-2196 | medium | — | 6.9 | 13y ago | Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, … | |||
| CVE-2013-2195 | medium | — | 6.9 | 13y ago | The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involv… | |||
| CVE-2013-2194 | medium | — | 6.9 | 13y ago | Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. | |||
| CVE-2013-4958 | medium | — | 6.9 | 13y ago | Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. | |||
| CVE-2013-2796 | medium | — | 6.9 | 13y ago | Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet se… | |||
| CVE-2013-1715 | medium | — | 6.9 | 13y ago | Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL i… | |||
| CVE-2013-1712 | medium | — | 6.9 | 13y ago | Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x be… | |||
| CVE-2013-4872 | medium | — | 6.9 | 13y ago | Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a c… | |||
| CVE-2013-3154 | medium | — | 6.9 | 13y ago | The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan hors… | |||
| CVE-2013-1976 | medium | — | 6.9 | 13y ago | The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow loca… | |||
| CVE-2013-2224 | medium | — | 6.9 | 13y ago | A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain pri… | |||
| CVE-2013-2467 | medium | — | 6.9 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unk… | |||
| CVE-2013-3954 | medium | — | 6.9 | 13y ago | The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service… | |||
| CVE-2013-2007 | medium | — | 6.9 | 13y ago | The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. | |||
| CVE-2013-1964 | medium | — | 6.9 | 13y ago | Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sen… | |||
| CVE-2013-1673 | medium | — | 6.9 | 13y ago | The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versi… | |||
| CVE-2013-1672 | medium | — | 6.9 | 13y ago | The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypa… | |||
| CVE-2013-1979 | medium | — | 6.9 | 13y ago | The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafte… | |||
| CVE-2013-0727 | medium | — | 6.9 | 13y ago | Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, … | |||
| CVE-2013-2439 | medium | — | 6.9 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier a… | |||
| CVE-2013-1293 | medium | — | 6.9 | 13y ago | The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NUL… | |||
| CVE-2013-1283 | medium | — | 6.9 | 13y ago | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP… | |||
| CVE-2013-0797 | medium | — | 6.9 | 13y ago | Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey… | |||
| CVE-2013-1860 | medium | — | 6.9 | 13y ago | Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system c… | |||
| CVE-2013-1495 | medium | — | 6.9 | 13y ago | asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp. | |||
| CVE-2013-2566 | medium | 5.9 | 6.9 | 13y ago | The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis… | |||
| CVE-2013-1423 | medium | — | 6.9 | 13y ago | (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump… | |||
| CVE-2013-0871 | medium | — | 6.9 | 14y ago | Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by … | |||
| CVE-2013-0430 | medium | — | 6.9 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and a… | |||
| CVE-2013-0340 | medium | — | 6.8 | 4y ago | RHSA-2025:21776: expat security update (Important) | |||
| CVE-2013-1633 | medium | — | 6.8 | 4y ago | easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to e… | |||
| CVE-2013-1865 | medium | — | 6.8 | 4y ago | OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions… | |||
| CVE-2013-4200 | medium | — | 6.8 | 4y ago | The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows … | |||
| CVE-2013-7407 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-3089 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configur… | |||
| CVE-2013-3086 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration… | |||
| CVE-2013-3068 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and… | |||
| CVE-2013-3064 | medium | — | 6.8 | 12y ago | Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | |||
| CVE-2013-4444 | medium | — | 6.8 | 12y ago | Apache Tomcat Unrestricted file upload vulnerability | |||
| CVE-2013-6691 | medium | — | 6.8 | 12y ago | The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list,… | |||
| CVE-2013-5353 | medium | — | 6.8 | 12y ago | Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with… | |||
| CVE-2013-5352 | medium | — | 6.8 | 12y ago | Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to servic… | |||
| CVE-2013-2182 | medium | — | 6.8 | 12y ago | The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. | |||
| CVE-2013-3476 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change… | |||
| CVE-2013-3258 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via u… | |||
| CVE-2013-3257 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings … | |||
| CVE-2013-2710 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2013-3477 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for request… | |||
| CVE-2013-2698 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry … | |||
| CVE-2013-7385 | medium | — | 6.8 | 12y ago | LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive… | |||
| CVE-2013-6807 | medium | — | 6.8 | 12y ago | The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obta… | |||
| CVE-2013-6806 | medium | — | 6.8 | 12y ago | OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downg… | |||
| CVE-2013-7379 | medium | — | 6.8 | 12y ago | API Admin Auth Weakness in tomato | |||
| CVE-2013-2700 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administra… | |||
| CVE-2013-2034 | medium | — | 6.8 | 12y ago | Jenkins Cross-Site Request Forgery vulnerabilities | |||
| CVE-2013-2705 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for… | |||
| CVE-2013-2692 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests th… | |||
| CVE-2013-4581 | medium | — | 6.8 | 12y ago | GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. | |||
| CVE-2013-4580 | medium | — | 6.8 | 12y ago | GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication … | |||
| CVE-2013-7302 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote at… | |||
| CVE-2013-7284 | medium | — | 6.8 | 12y ago | The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it … | |||
| CVE-2013-7259 | medium | — | 6.8 | 12y ago | Neo4J vulnerable to Cross-Site Request Forgery | |||
| CVE-2013-4726 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authen… | |||
| CVE-2013-4565 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt… | |||
| CVE-2013-6369 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary… |