Total
299317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7465 | 1 Icecoldapps | 1 Servers Ultimate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts. | |||||
| CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | |||||
| CVE-2013-7435 | 1 Evergreen-ils | 1 Evergreen | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. | |||||
| CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | |||||
| CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | |||||
| CVE-2013-7380 | 1 Ep Imageconvert Project | 1 Ep Imageconvert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability | |||||
| CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | |||||
| CVE-2013-7371 | 2 Debian, Sencha | 2 Debian Linux, Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | |||||
| CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
| CVE-2013-7351 | 1 Shaarli Project | 1 Shaarli | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks. | |||||
| CVE-2013-7333 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. | |||||
| CVE-2013-7325 | 1 Debian | 2 Debian Linux, Devscripts | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. | |||||
| CVE-2013-7324 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. | |||||
| CVE-2013-7287 | 1 Mobileiron | 2 Sentry, Virtual Smartphone Platform | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | |||||
| CVE-2013-7286 | 1 Att | 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm | |||||
| CVE-2013-7245 | 1 Sybase | 1 Adaptive Server Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. | |||||
| CVE-2013-7203 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | |||||
| CVE-2013-7202 | 1 Paypal | 1 Paypal | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | |||||
| CVE-2013-7201 | 1 Paypal | 1 Paypal | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |||||
| CVE-2013-7185 | 1 Daum | 1 Potplayer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| PotPlayer 1.5.40688: .avi File Memory Corruption | |||||