SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
Max CVSS
6.5
EPSS Score
0.34%
Published
2013-12-31
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
Max CVSS
4.3
EPSS Score
0.42%
Published
2013-12-31
Updated
2016-12-31
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.
Max CVSS
6.8
EPSS Score
0.10%
Published
2013-12-30
Updated
2013-12-31
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
Max CVSS
7.5
EPSS Score
0.10%
Published
2013-12-30
Updated
2013-12-31
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
Max CVSS
3.5
EPSS Score
0.06%
Published
2013-12-30
Updated
2013-12-31
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
Max CVSS
10.0
EPSS Score
0.76%
Published
2013-12-26
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp.
Max CVSS
7.5
EPSS Score
2.06%
Published
2013-12-24
Updated
2017-08-29
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
Max CVSS
6.8
EPSS Score
1.01%
Published
2013-12-30
Updated
2013-12-31
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Max CVSS
3.5
EPSS Score
0.13%
Published
2013-12-21
Updated
2017-08-29
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.
Max CVSS
7.5
EPSS Score
0.24%
Published
2013-12-21
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
Max CVSS
7.5
EPSS Score
0.08%
Published
2013-12-21
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket.
Max CVSS
4.3
EPSS Score
0.19%
Published
2013-12-21
Updated
2017-08-29
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Max CVSS
5.0
EPSS Score
1.99%
Published
2013-12-20
Updated
2017-08-29
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
Max CVSS
7.5
EPSS Score
0.17%
Published
2013-12-20
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.26%
Published
2013-12-20
Updated
2017-08-29
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-12-20
Updated
2017-08-29
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
Max CVSS
9.3
EPSS Score
28.32%
Published
2013-12-20
Updated
2017-08-29
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Max CVSS
7.5
EPSS Score
0.28%
Published
2013-12-28
Updated
2018-10-30
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max CVSS
9.3
EPSS Score
6.53%
Published
2013-12-19
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.
Max CVSS
4.3
EPSS Score
0.19%
Published
2013-12-17
Updated
2017-08-29
Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-12-17
Updated
2013-12-18
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-12-17
Updated
2017-08-29
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.
Max CVSS
5.0
EPSS Score
0.38%
Published
2013-12-19
Updated
2014-04-19
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
1.03%
Published
2013-12-19
Updated
2014-01-17
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max CVSS
5.0
EPSS Score
1.03%
Published
2013-12-19
Updated
2014-04-19
484 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!