Security Vulnerabilities Published In 2013
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
Max Base Score: 6.5 | Published: 2013-12-31 | Updated: 2016-12-31 | EPSS: 0.38%
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
Max Base Score: 4.3 | Published: 2013-12-31 | Updated: 2016-12-31 | EPSS: 0.42%
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.
Max Base Score: 6.8 | Published: 2013-12-30 | Updated: 2013-12-31 | EPSS: 0.16%
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
Max Base Score: 7.5 | Published: 2013-12-30 | Updated: 2013-12-31 | EPSS: 0.25%
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
Max Base Score: 3.5 | Published: 2013-12-30 | Updated: 2013-12-31 | EPSS: 0.07%
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
Max Base Score: 10.0 | Published: 2013-12-26 | Updated: 2017-08-29 | EPSS: 0.76%
Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp.
Max Base Score: 7.5 | Published: 2013-12-24 | Updated: 2017-08-29 | EPSS: 1.65%
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
Max Base Score: 6.8 | Published: 2013-12-30 | Updated: 2013-12-31 | EPSS: 1.01%
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Max Base Score: 3.5 | Published: 2013-12-21 | Updated: 2017-08-29 | EPSS: 0.13%
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.
Max Base Score: 7.5 | Published: 2013-12-21 | Updated: 2017-08-29 | EPSS: 0.24%
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
Max Base Score: 7.5 | Published: 2013-12-21 | Updated: 2017-08-29 | EPSS: 0.08%
Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket.
Max Base Score: 4.3 | Published: 2013-12-21 | Updated: 2017-08-29 | EPSS: 0.19%
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Max Base Score: 5.0 | Published: 2013-12-20 | Updated: 2017-08-29 | EPSS: 2.18%
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
Max Base Score: 7.5 | Published: 2013-12-20 | Updated: 2017-08-29 | EPSS: 0.17%
Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max Base Score: 4.3 | Published: 2013-12-20 | Updated: 2017-08-29 | EPSS: 0.26%
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max Base Score: 7.5 | Published: 2013-12-20 | Updated: 2017-08-29 | EPSS: 0.17%
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
Max Base Score: 9.3 | Published: 2013-12-20 | Updated: 2017-08-29 | EPSS: 28.06%
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Max Base Score: 7.5 | Published: 2013-12-28 | Updated: 2018-10-30 | EPSS: 0.19%
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
Max Base Score: 9.3 | Published: 2013-12-19 | Updated: 2017-08-29 | EPSS: 7.12%
Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.
Max Base Score: 4.3 | Published: 2013-12-17 | Updated: 2017-08-29 | EPSS: 0.19%
Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file.
Max Base Score: 2.1 | Published: 2013-12-17 | Updated: 2013-12-18 | EPSS: 0.04%
Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.
Max Base Score: 2.1 | Published: 2013-12-17 | Updated: 2017-08-29 | EPSS: 0.04%
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.
Max Base Score: 5.0 | Published: 2013-12-19 | Updated: 2014-04-19 | EPSS: 0.38%
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max Base Score: 5.0 | Published: 2013-12-19 | Updated: 2014-01-17 | EPSS: 1.03%
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Max Base Score: 5.0 | Published: 2013-12-19 | Updated: 2014-04-19 | EPSS: 1.03%
5187 vulnerabilities found