Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.61%
Published
2013-07-31
Updated
2013-07-31

CVE-2013-5019

Public exploit
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
Source: MITRE
Max CVSS
10.0
EPSS Score
91.29%
Published
2013-07-31
Updated
2018-04-27
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
Source: MITRE
Max CVSS
4.3
EPSS Score
9.24%
Published
2013-07-31
Updated
2020-02-24
Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.17%
Published
2013-07-31
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.09%
Published
2013-07-31
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.07%
Published
2013-07-31
Updated
2013-07-31
phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.14%
Published
2013-07-31
Updated
2013-07-31
phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.14%
Published
2013-07-31
Updated
2013-07-31
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.14%
Published
2013-07-31
Updated
2013-07-31
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-07-31
Updated
2013-07-31
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.22%
Published
2013-07-31
Updated
2016-12-31
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.09%
Published
2013-07-31
Updated
2016-12-31
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
2.6
EPSS Score
0.90%
Published
2013-07-29
Updated
2017-08-29
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2013-07-29
Updated
2013-07-30
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-07-29
Updated
2013-07-30
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.57%
Published
2013-07-29
Updated
2013-07-30
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.20%
Published
2013-07-29
Updated
2021-07-01
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
Source: MITRE
Max CVSS
6.8
EPSS Score
1.01%
Published
2013-07-29
Updated
2021-07-01
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-07-29
Updated
2021-07-01
Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.06%
Published
2013-07-29
Updated
2017-08-29
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.44%
Published
2013-07-29
Updated
2013-07-30
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.19%
Published
2013-07-29
Updated
2013-07-30
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
2.6
EPSS Score
0.22%
Published
2013-07-29
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.15%
Published
2013-07-29
Updated
2020-12-01
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.15%
Published
2013-07-29
Updated
2020-12-01
470 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!