SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
Max CVSS
6.5
EPSS Score
0.34%
Published
2013-12-31
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
Max CVSS
4.3
EPSS Score
0.42%
Published
2013-12-31
Updated
2016-12-31
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.
Max CVSS
6.8
EPSS Score
0.11%
Published
2013-12-30
Updated
2013-12-31
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
Max CVSS
7.5
EPSS Score
0.10%
Published
2013-12-30
Updated
2013-12-31
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
Max CVSS
10.0
EPSS Score
0.76%
Published
2013-12-26
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp.
Max CVSS
7.5
EPSS Score
2.06%
Published
2013-12-24
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
Max CVSS
6.8
EPSS Score
1.01%
Published
2013-12-30
Updated
2013-12-31
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.
Max CVSS
7.5
EPSS Score
0.24%
Published
2013-12-21
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
Max CVSS
7.5
EPSS Score
0.08%
Published
2013-12-21
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket.
Max CVSS
4.3
EPSS Score
0.19%
Published
2013-12-21
Updated
2017-08-29
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Max CVSS
5.0
EPSS Score
1.99%
Published
2013-12-20
Updated
2017-08-29
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
Max CVSS
7.5
EPSS Score
0.17%
Published
2013-12-20
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.26%
Published
2013-12-20
Updated
2017-08-29
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-12-20
Updated
2017-08-29
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
Max CVSS
9.3
EPSS Score
28.32%
Published
2013-12-20
Updated
2017-08-29
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Max CVSS
7.5
EPSS Score
0.28%
Published
2013-12-28
Updated
2018-10-30
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS
9.3
EPSS Score
6.53%
Published
2013-12-19
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.
Max CVSS
4.3
EPSS Score
0.19%
Published
2013-12-17
Updated
2017-08-29
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.
Max CVSS
5.0
EPSS Score
0.38%
Published
2013-12-19
Updated
2014-04-19
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
1.03%
Published
2013-12-19
Updated
2014-01-17
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max CVSS
5.0
EPSS Score
1.03%
Published
2013-12-19
Updated
2014-04-19
Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs."
Max CVSS
10.0
EPSS Score
0.38%
Published
2013-12-14
Updated
2013-12-20
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.
Max CVSS
9.0
EPSS Score
0.69%
Published
2013-12-14
Updated
2017-08-29
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.
Max CVSS
9.0
EPSS Score
0.69%
Published
2013-12-14
Updated
2017-08-29

CVE-2013-7102

Public exploit
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.
Max CVSS
6.8
EPSS Score
21.13%
Published
2013-12-23
Updated
2013-12-24
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!