Vulnerabilities (CVE)

CWE filter: CWE-20

7461 total CVE
CVE Vendors Products Updated CVSS
CVE-2013-5738 1 Wordpress 1 Wordpress 2013-09-27 4.3
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct...
CVE-2013-1028 1 Apple 2 Mac Os X, Iphone Os 2013-09-27 5.8
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information...
CVE-2013-4812 1 Hp 2 Identity Driven Manager, Procurve Manager 2013-09-26 10.0
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to...
CVE-2013-4811 1 Hp 2 Identity Driven Manager, Procurve Manager 2013-09-26 10.0
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to...
CVE-2013-1441 1 Exactcode 1 Exactimage 2013-09-25 4.3
econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file.
CVE-2012-5338 1 Jforum 1 Jforum 2013-09-24 5.8
Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page.
CVE-2013-1629 1 Pip-installer 1 Pip 2013-09-24 6.8
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.
CVE-2013-3277 1 Emc 1 Rsa Archer Egrc 2013-09-19 5.8
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-2788 1 Subnet 1 Substation Server 2013-09-18 4.3
The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors.
CVE-2013-1029 1 Apple 1 Mac Os X 2013-09-18 4.9
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
CVE-2013-4180 2 Theforeman, Redhat 2 Openstack, Foreman 2013-09-17 5.0
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-3446 1 Cisco 1 Digital Media Manager 2013-09-13 5.8
Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849.
CVE-2007-4925 1 Ewire 1 Payment Client 2013-09-13 7.5
The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php.
CVE-2013-5642 1 Digium 3 Asterisk, Asterisk Digiumphones, Certified Asterisk 2013-09-12 5.0
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones...
CVE-2013-0290 1 Linux 1 Linux Kernel 2013-09-12 4.9
The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a...
CVE-2012-4388 1 Php 1 Php 2013-09-12 4.3
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting...
CVE-2009-5031 1 Modsecurity 1 Modsecurity 2013-09-12 4.3
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a...
CVE-2013-4283 1 Fedoraproject 1 389 Directory Server 2013-09-11 5.0
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-3600 1 Trivantis 1 Coursemill Learning Management System 2013-09-06 8.5
Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions.
CVE-2013-2804 1 Softwaretoolbox 1 Top Server 2013-09-06 7.1
The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to...