CVEs from 2013
Total
5,684
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4295 | medium | — | 6.0 | 13y ago | Apache Shindig PHP Sensitive Information Disclosure | |||
| CVE-2013-3244 | medium | — | 6.0 | 13y ago | Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary cod… | |||
| CVE-2013-4450 | medium | — | 6.0 | 13y ago | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined reque… | |||
| CVE-2013-3827 | medium | — | 6.0 | 13y ago | Path Traversal in Eclipse Mojarra | |||
| CVE-2013-5539 | medium | — | 6.0 | 13y ago | The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspec… | |||
| CVE-2013-4826 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors… | |||
| CVE-2013-4823 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information … | |||
| CVE-2013-5533 | medium | — | 6.0 | 13y ago | The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. | |||
| CVE-2013-5979 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. | |||
| CVE-2013-4018 | medium | — | 6.0 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-2218 | medium | — | 6.0 | 13y ago | Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a… | |||
| CVE-2013-4123 | medium | — | 6.0 | 13y ago | client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | |||
| CVE-2013-4900 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a… | |||
| CVE-2013-3601 | medium | — | 6.0 | 13y ago | Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student ro… | |||
| CVE-2013-3276 | medium | — | 6.0 | 13y ago | EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. | |||
| CVE-2013-1647 | medium | — | 6.0 | 13y ago | Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HT… | |||
| CVE-2013-3597 | medium | — | 6.0 | 13y ago | servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | |||
| CVE-2013-3585 | medium | — | 6.0 | 13y ago | Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file … | |||
| CVE-2013-3369 | medium | — | 6.0 | 13y ago | Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via un… | |||
| CVE-2013-4230 | medium | — | 6.0 | 13y ago | The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authe… | |||
| CVE-2013-2160 | medium | — | 6.0 | 13y ago | Missing XML Validation in Apache CXF | |||
| CVE-2013-3319 | medium | — | 6.0 | 13y ago | The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | |||
| CVE-2013-3992 | medium | — | 6.0 | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-4124 | medium | — | 6.0 | 13y ago | Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (… | |||
| CVE-2013-3724 | medium | — | 6.0 | 13y ago | The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. | |||
| CVE-2013-4671 | medium | — | 6.0 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of un… | |||
| CVE-2013-3786 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |||
| CVE-2013-2765 | medium | — | 6.0 | 13y ago | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request … | |||
| CVE-2013-4098 | medium | — | 6.0 | 13y ago | ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter. | |||
| CVE-2013-4097 | medium | — | 6.0 | 13y ago | ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error … | |||
| CVE-2013-4093 | medium | — | 6.0 | 13y ago | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/Asyn… | |||
| CVE-2013-4092 | medium | — | 6.0 | 13y ago | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a sess… | |||
| CVE-2013-2323 | medium | — | 6.0 | 13y ago | HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "… | |||
| CVE-2013-4615 | medium | — | 6.0 | 13y ago | The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/… | |||
| CVE-2013-3575 | medium | — | 6.0 | 13y ago | hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/front… | |||
| CVE-2013-4074 | medium | — | 6.0 | 13y ago | The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an er… | |||
| CVE-2013-2851 | medium | — | 6.0 | 13y ago | Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string … | |||
| CVE-2013-2059 | medium | — | 6.0 | 13y ago | OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, w… | |||
| CVE-2013-0145 | medium | — | 6.0 | 13y ago | Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request. | |||
| CVE-2013-3336 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | |||
| CVE-2013-1884 | medium | — | 6.0 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval… | |||
| CVE-2013-1847 | medium | — | 6.0 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an … | |||
| CVE-2013-3063 | medium | — | 6.0 | 13y ago | SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||
| CVE-2013-2419 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow… | |||
| CVE-2013-2398 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknow… | |||
| CVE-2013-1551 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and a… | |||
| CVE-2013-1861 | medium | — | 6.0 | 13y ago | MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers… | |||
| CVE-2013-0489 | medium | — | 6.0 | 13y ago | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. | |||
| CVE-2013-0335 | medium | — | 6.0 | 13y ago | OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM t… | |||
| CVE-2013-0332 | medium | — | 6.0 | 13y ago | Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. | |||
| CVE-2013-1863 | medium | — | 6.0 | 13y ago | Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, … | |||
| CVE-2013-0226 | medium | — | 6.0 | 13y ago | The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to r… | |||
| CVE-2013-0206 | medium | — | 6.0 | 13y ago | Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to e… | |||
| CVE-2013-0477 | medium | — | 6.0 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product … | |||
| CVE-2013-1402 | medium | — | 6.0 | 14y ago | DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_… | |||
| CVE-2013-0701 | medium | — | 6.0 | 14y ago | SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. | |||
| CVE-2013-0238 | medium | — | 6.0 | 14y ago | The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes… | |||
| CVE-2013-0415 | medium | — | 6.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind packag… | |||
| CVE-2013-7440 | medium | 5.9 | 5.9 | 10y ago | The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof serve… | |||
| CVE-2013-6673 | medium | 5.9 | 5.9 | 13y ago | Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it e… | |||
| CVE-2013-4394 | medium | — | 5.9 | 13y ago | The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the … | |||
| CVE-2013-3661 | medium | — | 5.9 | 13y ago | The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Se… | |||
| CVE-2013-0411 | medium | — | 5.9 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration. | |||
| CVE-2013-1909 | medium | — | 5.8 | 4y ago | The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |||
| CVE-2013-6078 | medium | — | 5.8 | 12y ago | The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which mak… | |||
| CVE-2013-4596 | medium | — | 5.8 | 12y ago | The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | |||
| CVE-2013-4347 | medium | — | 5.8 | 12y ago | The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess… | |||
| CVE-2013-6444 | medium | — | 5.8 | 12y ago | PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… | |||
| CVE-2013-6418 | medium | — | 5.8 | 12y ago | PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. | |||
| CVE-2013-7065 | medium | — | 5.8 | 12y ago | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the … | |||
| CVE-2013-4723 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites … | |||
| CVE-2013-6456 | medium | — | 5.8 | 12y ago | The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the contain… | |||
| CVE-2013-0740 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the … | |||
| CVE-2013-2694 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the… | |||
| CVE-2013-2044 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redir… | |||
| CVE-2013-6442 | medium | — | 5.8 | 12y ago | The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass … | |||
| CVE-2013-4195 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attac… | |||
| CVE-2013-4191 | medium | — | 5.8 | 12y ago | zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to o… | |||
| CVE-2013-6666 | medium | — | 5.8 | 12y ago | The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Shar… | |||
| CVE-2013-4286 | medium | — | 5.8 | 12y ago | Apache Tomcat is vulnerable to HTTP request-smuggling | |||
| CVE-2013-4420 | medium | — | 5.8 | 13y ago | Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (d… | |||
| CVE-2013-6396 | medium | — | 5.8 | 13y ago | The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and… | |||
| CVE-2013-7328 | medium | — | 5.8 | 13y ago | Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive inf… | |||
| CVE-2013-6722 | medium | — | 5.8 | 13y ago | Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a deni… | |||
| CVE-2013-6728 | medium | — | 5.8 | 13y ago | The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary di… | |||
| CVE-2013-1740 | medium | — | 5.8 | 13y ago | The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to sp… | |||
| CVE-2013-7255 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-6450 | medium | — | 5.8 | 13y ago | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t… | |||
| CVE-2013-6812 | medium | — | 5.8 | 13y ago | The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted… | |||
| CVE-2013-6006 | medium | — | 5.8 | 13y ago | Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||
| CVE-2013-7080 | medium | — | 5.8 | 13y ago | TYPO3 is vulnerable to Mass Assignment in the Extension table administration library | |||
| CVE-2013-7079 | medium | — | 5.8 | 13y ago | TYPO3 OpenID extension Open redirect vulnerability | |||
| CVE-2013-4046 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2013-7067 | medium | — | 5.8 | 13y ago | The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictio… | |||
| CVE-2013-6966 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. | |||
| CVE-2013-6971 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. | |||
| CVE-2013-6967 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified v… | |||
| CVE-2013-6959 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. | |||
| CVE-2013-7085 | medium | — | 5.8 | 13y ago | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | |||
| CVE-2013-6391 | medium | — | 5.8 | 13y ago | The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to … |