CVEs from 2013
- Total: 5,687
- critical: 917
- high: 949
- medium: 3,166
- low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6200 | medium | — | 6.2 | 12y ago | Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors. | |||
| CVE-2013-5834 | medium | — | 6.2 | 13y ago | Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps. | |||
| CVE-2013-6368 | medium | — | 6.2 | 13y ago | The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end addre… | |||
| CVE-2013-5046 | medium | — | 6.2 | 13y ago | Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, a… | |||
| CVE-2013-6409 | medium | — | 6.2 | 13y ago | Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. | |||
| CVE-2013-4482 | medium | — | 6.2 | 13y ago | Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in t… | |||
| CVE-2013-4591 | medium | — | 6.2 | 13y ago | Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or p… | |||
| CVE-2013-1726 | medium | — | 6.2 | 13y ago | Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access… | |||
| CVE-2013-2888 | medium | — | 6.2 | 13y ago | Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or … | |||
| CVE-2013-4876 | medium | — | 6.2 | 13y ago | The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a … | |||
| CVE-2013-4875 | medium | — | 6.2 | 13y ago | The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI… | |||
| CVE-2013-4874 | medium | — | 6.2 | 13y ago | The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modif… | |||
| CVE-2013-3692 | medium | — | 6.2 | 13y ago | BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrict… | |||
| CVE-2013-3955 | medium | — | 6.2 | 13y ago | The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to caus… | |||
| CVE-2013-3051 | medium | — | 6.2 | 13y ago | The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the … | |||
| CVE-2013-1848 | medium | — | 6.2 | 13y ago | fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and … | |||
| CVE-2013-1827 | medium | — | 6.2 | 13y ago | net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capabil… | |||
| CVE-2013-1826 | medium | — | 6.2 | 13y ago | The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain p… | |||
| CVE-2013-1798 | medium | — | 6.2 | 13y ago | The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, … | |||
| CVE-2013-0665 | medium | — | 6.2 | 13y ago | Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequ… | |||
| CVE-2013-0228 | medium | — | 6.2 | 13y ago | The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which al… | |||
| CVE-2013-1767 | medium | — | 6.2 | 13y ago | Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remo… | |||
| CVE-2013-0313 | medium | — | 6.2 | 14y ago | The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial … | |||
| CVE-2013-7433 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!. | |||
| CVE-2013-7430 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. | |||
| CVE-2013-7454 | medium | 6.1 | 6.1 | 10y ago | Multiple XSS Filter Bypasses in validator | |||
| CVE-2013-7453 | medium | 6.1 | 6.1 | 10y ago | Moderate severity vulnerability that affects validator | |||
| CVE-2013-7452 | medium | 6.1 | 6.1 | 10y ago | Moderate severity vulnerability that affects validator | |||
| CVE-2013-7451 | medium | 6.1 | 6.1 | 10y ago | Moderate severity vulnerability that affects validator | |||
| CVE-2013-3572 | medium | 6.1 | 6.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2013-7027 | medium | — | 6.1 | 13y ago | The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow at… | |||
| CVE-2013-6705 | medium | — | 6.1 | 13y ago | The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka B… | |||
| CVE-2013-6864 | medium | — | 6.1 | 13y ago | Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenti… | |||
| CVE-2013-6683 | medium | — | 6.1 | 13y ago | The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed… | |||
| CVE-2013-4387 | medium | — | 6.1 | 13y ago | net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet,… | |||
| CVE-2013-3610 | medium | — | 6.1 | 13y ago | qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | |||
| CVE-2013-4788 | medium | — | 6.1 | 13y ago | The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it … | |||
| CVE-2013-5962 | medium | — | 6.1 | 13y ago | Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uplo… | |||
| CVE-2013-1414 | medium | — | 6.1 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of … | |||
| CVE-2013-1226 | medium | — | 6.1 | 13y ago | The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bu… | |||
| CVE-2013-1815 | medium | 6.1 | 6.1 | 13y ago | A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current work… | |||
| CVE-2013-0675 | medium | — | 6.1 | 13y ago | Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a deni… | |||
| CVE-2013-2486 | medium | — | 6.1 | 13y ago | The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data … | |||
| CVE-2013-2485 | medium | — | 6.1 | 13y ago | The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||
| CVE-2013-2482 | medium | — | 6.1 | 13y ago | The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||
| CVE-2013-2476 | medium | — | 6.1 | 13y ago | The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a pack… | |||
| CVE-2013-1141 | medium | — | 6.1 | 13y ago | The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a … | |||
| CVE-2013-2256 | medium | — | 6.0 | 4y ago | OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive info… | |||
| CVE-2013-2131 | medium | — | 6.0 | 12y ago | Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdt… | |||
| CVE-2013-6043 | medium | — | 6.0 | 12y ago | The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers… | |||
| CVE-2013-3304 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | |||
| CVE-2013-6796 | medium | — | 6.0 | 12y ago | The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. | |||
| CVE-2013-6309 | medium | — | 6.0 | 12y ago | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. | |||
| CVE-2013-4727 | medium | — | 6.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | |||
| CVE-2013-3739 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config ac… | |||
| CVE-2013-5464 | medium | — | 6.0 | 12y ago | IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote aut… | |||
| CVE-2013-3982 | medium | — | 6.0 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. | |||
| CVE-2013-3975 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a sear… | |||
| CVE-2013-7382 | medium | — | 6.0 | 12y ago | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to o… | |||
| CVE-2013-1807 | medium | — | 6.0 | 12y ago | PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information v… | |||
| CVE-2013-1604 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | |||
| CVE-2013-2641 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. | |||
| CVE-2013-2619 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. | |||
| CVE-2013-6835 | medium | — | 6.0 | 12y ago | TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail a… | |||
| CVE-2013-7247 | medium | — | 6.0 | 13y ago | cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password ha… | |||
| CVE-2013-5880 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unk… | |||
| CVE-2013-5877 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affe… | |||
| CVE-2013-5795 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers… | |||
| CVE-2013-7097 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. | |||
| CVE-2013-7240 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | |||
| CVE-2013-5211 | medium | — | 6.0 | 13y ago | The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_… | |||
| CVE-2013-6890 | medium | — | 6.0 | 13y ago | denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login n… | |||
| CVE-2013-7190 | medium | — | 6.0 | 13y ago | Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, … | |||
| CVE-2013-7091 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (… | |||
| CVE-2013-6414 | medium | — | 6.0 | 13y ago | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a hea… | |||
| CVE-2013-4474 | medium | — | 6.0 | 13y ago | Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in … | |||
| CVE-2013-6627 | medium | — | 6.0 | 13y ago | net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (… | |||
| CVE-2013-4548 | medium | — | 6.0 | 13y ago | The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows … | |||
| CVE-2013-4050 | medium | — | 6.0 | 13y ago | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified vic… | |||
| CVE-2013-4435 | medium | — | 6.0 | 13y ago | Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rou… | |||
| CVE-2013-6114 | medium | — | 6.0 | 13y ago | Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subv… | |||
| CVE-2013-4299 | medium | — | 6.0 | 13y ago | Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to… | |||
| CVE-2013-6246 | medium | — | 6.0 | 13y ago | The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid do… | |||
| CVE-2013-4295 | medium | — | 6.0 | 13y ago | Apache Shindig PHP Sensitive Information Disclosure | |||
| CVE-2013-3244 | medium | — | 6.0 | 13y ago | Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary cod… | |||
| CVE-2013-4450 | medium | — | 6.0 | 13y ago | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined reque… | |||
| CVE-2013-3827 | medium | — | 6.0 | 13y ago | Path Traversal in Eclipse Mojarra | |||
| CVE-2013-5539 | medium | — | 6.0 | 13y ago | The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspec… | |||
| CVE-2013-4826 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors… | |||
| CVE-2013-4823 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information … | |||
| CVE-2013-5533 | medium | — | 6.0 | 13y ago | The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. | |||
| CVE-2013-5979 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. | |||
| CVE-2013-4018 | medium | — | 6.0 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-2218 | medium | — | 6.0 | 13y ago | Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a… | |||
| CVE-2013-4123 | medium | — | 6.0 | 13y ago | client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | |||
| CVE-2013-4900 | medium | — | 6.0 | 13y ago | Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a… | |||
| CVE-2013-3601 | medium | — | 6.0 | 13y ago | Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student ro… | |||
| CVE-2013-3276 | medium | — | 6.0 | 13y ago | EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. | |||
| CVE-2013-1647 | medium | — | 6.0 | 13y ago | Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HT… | |||
| CVE-2013-3597 | medium | — | 6.0 | 13y ago | servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. |