The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.
Max CVSS
5.0
EPSS Score
0.43%
Published
2013-09-30
Updated
2014-05-05
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.
Max CVSS
2.1
EPSS Score
0.09%
Published
2013-09-30
Updated
2013-10-10
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/.
Max CVSS
6.8
EPSS Score
10.19%
Published
2013-09-30
Updated
2017-08-29
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
Max CVSS
5.1
EPSS Score
71.78%
Published
2013-09-30
Updated
2017-08-29
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
Max CVSS
6.8
EPSS Score
12.11%
Published
2013-09-30
Updated
2017-08-29
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
Max CVSS
5.8
EPSS Score
0.33%
Published
2013-09-30
Updated
2019-02-04
Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests.
Max CVSS
7.1
EPSS Score
1.14%
Published
2013-09-28
Updated
2013-10-11
Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-09-27
Updated
2013-10-07
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.
Max CVSS
6.8
EPSS Score
1.03%
Published
2013-09-27
Updated
2013-10-07
Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-09-25
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API.
Max CVSS
6.8
EPSS Score
0.21%
Published
2013-09-25
Updated
2017-08-29
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.
Max CVSS
4.3
EPSS Score
0.18%
Published
2013-09-25
Updated
2013-09-25
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.
Max CVSS
4.3
EPSS Score
0.13%
Published
2013-09-25
Updated
2013-09-25
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.
Max CVSS
4.0
EPSS Score
0.24%
Published
2013-09-25
Updated
2013-09-25
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket.
Max CVSS
6.9
EPSS Score
0.05%
Published
2013-09-25
Updated
2013-09-25
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.54%
Published
2013-09-23
Updated
2013-10-03
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2013-09-23
Updated
2013-10-15
Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter.
Max CVSS
4.3
EPSS Score
0.16%
Published
2013-09-23
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-09-23
Updated
2013-09-23
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2013-09-23
Updated
2013-09-23
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-09-24
Updated
2013-10-15
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
Max CVSS
10.0
EPSS Score
0.30%
Published
2013-09-17
Updated
2013-09-25
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.57%
Published
2013-09-16
Updated
2017-08-29
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
Max CVSS
5.0
EPSS Score
0.16%
Published
2013-09-25
Updated
2013-10-15
Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.
Max CVSS
6.9
EPSS Score
0.04%
Published
2013-09-12
Updated
2014-07-11
454 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!