Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6003 | 1 Cybozu | 1 Garoon | 2014-01-03 | 3.5 LOW | N/A |
| CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. | |||||
| CVE-2013-6004 | 1 Cybozu | 1 Garoon | 2014-01-03 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2013-6900 | 1 Cybozu | 1 Garoon | 2014-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6902 | 1 Cybozu | 1 Garoon | 2014-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-5269 | 1 Projectforge | 1 Projectforge | 2014-01-02 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message. | |||||
| CVE-2012-0264 | 1 Op5 | 1 Monitor | 2014-01-02 | 10.0 HIGH | N/A |
| op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. | |||||
| CVE-2012-0263 | 1 Op5 | 1 Monitor | 2014-01-02 | 4.0 MEDIUM | N/A |
| monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config. | |||||
| CVE-2012-0262 | 1 Op5 | 2 Monitor, System-op5config | 2014-01-02 | 10.0 HIGH | N/A |
| op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. | |||||
| CVE-2012-0261 | 1 Op5 | 2 Monitor, System-portal | 2014-01-02 | 10.0 HIGH | N/A |
| license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. | |||||
| CVE-2013-3282 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-3283 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-3284 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-3289 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6179 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6183 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6184 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6185 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6186 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6187 | 2014-01-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none. | |||||
| CVE-2013-6907 | 1 Cybozu | 1 Garoon | 2013-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6908 | 1 Cybozu | 1 Garoon | 2013-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6909 | 1 Cybozu | 1 Garoon | 2013-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6910 | 1 Cybozu | 1 Garoon | 2013-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6914 | 1 Cybozu | 1 Garoon | 2013-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6915 | 1 Cybozu | 1 Garoon | 2013-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7209 | 1 Jforum | 1 Jforum | 2013-12-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action. | |||||
| CVE-2013-5221 | 1 Esri | 1 Arcgis | 2013-12-31 | 3.5 LOW | N/A |
| The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. | |||||
| CVE-2013-4339 | 1 Wordpress | 1 Wordpress | 2013-12-31 | 7.5 HIGH | N/A |
| WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. | |||||
| CVE-2012-5221 | 1 Hp | 37 Color Laserjet 3000, Color Laserjet 3800, Color Laserjet 4700 and 34 more | 2013-12-31 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2011-2901 | 1 Xen | 1 Xen | 2013-12-31 | 5.5 MEDIUM | N/A |
| Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits. | |||||
| CVE-2011-2495 | 1 Linux | 1 Linux Kernel | 2013-12-31 | 2.1 LOW | N/A |
| fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. | |||||
| CVE-2013-7233 | 1 Wordpress | 1 Wordpress | 2013-12-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. | |||||
| CVE-2013-7232 | 1 Esri | 1 Arcgis | 2013-12-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | |||||
| CVE-2013-7231 | 1 Esri | 1 Arcgis | 2013-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. | |||||
| CVE-2013-5222 | 1 Esri | 1 Arcgis | 2013-12-31 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5210 | 1 Adtran | 3 Aos, Netvanta 7060, Netvanta 7100 | 2013-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5220 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 6.1 MEDIUM | N/A |
| goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. | |||||
| CVE-2013-5218 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 2.9 LOW | N/A |
| Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. | |||||
| CVE-2013-5219 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 3.3 LOW | N/A |
| Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/passwd. | |||||
| CVE-2013-5039 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 5.4 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. | |||||
| CVE-2013-5038 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 5.8 MEDIUM | N/A |
| The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | |||||
| CVE-2013-5037 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 3.3 LOW | N/A |
| The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | |||||
| CVE-2013-4858 | 1 Microsoft | 2 Windows Movie Maker, Windows Xp | 2013-12-30 | 4.3 MEDIUM | N/A |
| Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | |||||
| CVE-2013-6932 | 1 Irfanview | 1 Irfanview | 2013-12-30 | 7.6 HIGH | N/A |
| Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. | |||||
| CVE-2013-6929 | 1 Cybozu | 1 Garoon | 2013-12-30 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | |||||
| CVE-2013-6886 | 3 Apple, Linux, Realvnc | 3 Mac Os X, Linux Kernel, Realvnc | 2013-12-30 | 7.2 HIGH | N/A |
| RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | |||||
| CVE-2013-6808 | 1 Zend | 1 Zendto | 2013-12-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | |||||
| CVE-2013-6006 | 1 Cybozu | 1 Garoon | 2013-12-30 | 5.8 MEDIUM | N/A |
| Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||||
| CVE-2013-4424 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-12-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2013-12-27 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | |||||