Security Vulnerabilities Published In 2019
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-6364 | 352 | 1 | XSS CSRF | 2019-11-05 | 2019-11-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book |
| 2 | CVE-2013-6275 | 352 | 1 | CSRF | 2019-11-05 | 2019-11-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. |
| 3 | CVE-2013-6234 | 434 | 1 | Exec Code XSS | 2019-11-22 | 2019-12-04 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." |
| 4 | CVE-2013-5978 | 79 | 1 | XSS | 2019-12-11 | 2019-12-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977. |
| 5 | CVE-2013-4985 | 863 | 1 | Bypass | 2019-12-27 | 2020-01-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream |
| 6 | CVE-2013-4868 | 200 | 1 | +Info | 2019-12-27 | 2020-01-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Karotz API 12.07.19.00: Session Token Information Disclosure |
| 7 | CVE-2013-4867 | 269 | 1 | | 2019-12-27 | 2020-01-13 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking |
| 8 | CVE-2013-4859 | 276 | 1 | | 2019-12-27 | 2020-01-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | INSTEON Hub 2242-222 lacks Web and API authentication |
| 9 | CVE-2013-4743 | 120 | 1 | Overflow | 2019-12-27 | 2020-01-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Static HTTP Server 1.0 has a Local Overflow |
| 10 | CVE-2013-4695 | 763 | 1 | Exec Code | 2019-12-27 | 2020-01-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution |
| 11 | CVE-2013-3314 | 200 | 1 | +Info | 2019-11-21 | 2019-11-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi. |
| 12 | CVE-2013-3311 | 22 | 1 | Dir. Trav. | 2019-11-21 | 2019-11-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request. |
| 13 | CVE-2011-3923 | 732 | 1 | Exec Code Bypass | 2019-11-01 | 2019-12-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. |
Total number of vulnerabilities: 13