Latest CVE Feed
- 5.4 MEDIUM CVE-2013-3931
  Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related...
  - Affected Products: jomres
  - EPSS Score: 0.26%
  - Published: Jan. 02, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2013-3738
  A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
  - Affected Products: zabbix
  - EPSS Score: 2.86%
  - Published: Feb. 17, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2013-3725
  Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
  - Affected Products: invision_power_board
  - EPSS Score: 0.88%
  - Published: Feb. 12, 2020
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2013-3722
  A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.
  - Affected Products: opensips
  - EPSS Score: 0.33%
  - Published: Feb. 17, 2020
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2013-3718
  evince is missing a check on number of pages which can lead to a segmentation fault...
  - EPSS Score: 0.52%
  - Published: Nov. 01, 2019
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2013-3703
  The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.
  - Affected Products: open_build_service
  - EPSS Score: 0.30%
  - Published: Jun. 08, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2013-3691
  AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.
  - EPSS Score: 6.73%
  - Published: Dec. 11, 2019
  - Modified: Nov. 21, 2024
- 7.0 HIGH CVE-2013-3685
  A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privi...
  - EPSS Score: 0.08%
  - Published: Feb. 12, 2020
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2013-3684
  NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload...
  - Affected Products: nextgen_gallery
  - EPSS Score: 44.66%
  - Published: Feb. 11, 2020
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2013-3638
  SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
  - Affected Products: dolphin
  - EPSS Score: 0.39%
  - Published: Feb. 06, 2020
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2013-3637
  ProjectPier 0.8.8 does not use the Secure flag for cookies...
  - Affected Products: projectpier
  - EPSS Score: 0.18%
  - Published: Feb. 07, 2020
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2013-3636
  ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...
  - Affected Products: projectpier
  - EPSS Score: 0.24%
  - Published: Feb. 07, 2020
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM
  - EPSS Score: 0.18%
  - Published: Feb. 07, 2020
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2013-3629
  ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...
  - Affected Products: ispconfig
  - EPSS Score: 77.05%
  - Published: Feb. 07, 2020
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2013-3628
  Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability...
  - Affected Products: zabbix
  - EPSS Score: 89.78%
  - Published: Feb. 07, 2020
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2013-3620
  Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.
  - EPSS Score: 1.71%
  - Published: Jan. 02, 2020
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2013-3619
  Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lightt...
  - EPSS Score: 9.46%
  - Published: Jan. 02, 2020
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2013-3591
  vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability...
  - Affected Products: vtiger_crm
  - EPSS Score: 79.90%
  - Published: Feb. 07, 2020
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2013-3587
  The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing ...
  - Affected Products: big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_edge_gateway, big-ip_webaccelerator (+4 more products)
  - EPSS Score: 16.07%
  - Published: Feb. 21, 2020
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2013-3568
  Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
  - EPSS Score: 41.06%
  - Published: Feb. 06, 2020
  - Modified: Nov. 21, 2024