Vulnerabilities (CVE)

Filtered by CWE-20
Total 10666 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3277 1 Emc 1 Rsa Archer Egrc 2013-09-19 5.8 MEDIUM N/A
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-2788 1 Subnet 1 Substation Server 2013-09-18 4.3 MEDIUM N/A
The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors.
CVE-2013-1029 1 Apple 1 Mac Os X 2013-09-18 4.9 MEDIUM N/A
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
CVE-2013-3446 1 Cisco 1 Digital Media Manager 2013-09-13 5.8 MEDIUM N/A
Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849.
CVE-2007-4925 1 Ewire 1 Payment Client 2013-09-13 7.5 HIGH N/A
The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php.
CVE-2013-5642 1 Digium 3 Asterisk, Asterisk Digiumphones, Certified Asterisk 2013-09-12 5.0 MEDIUM N/A
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
CVE-2013-4283 1 Fedoraproject 1 389 Directory Server 2013-09-11 5.0 MEDIUM N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-3600 1 Trivantis 1 Coursemill Learning Management System 2013-09-06 8.5 HIGH N/A
Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions.
CVE-2013-2804 1 Softwaretoolbox 1 Top Server 2013-09-06 7.1 HIGH N/A
The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.
CVE-2013-1648 1 Open-xchange 1 Open-xchange Server 2013-09-06 3.5 LOW N/A
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.
CVE-2013-3599 1 Trivantis 1 Coursemill Learning Management System 2013-09-06 9.3 HIGH N/A
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html.
CVE-2013-3393 1 Cisco 2 Jabber, Virtualization Experience Media Engine 2013-08-31 5.0 MEDIUM N/A
The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117.
CVE-2012-4922 1 Torproject 1 Tor 2013-08-22 5.0 MEDIUM N/A
The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.
CVE-2013-3400 1 Cisco 2 Nexus 1000v, Nx-os 2013-08-20 6.8 MEDIUM N/A
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
CVE-2013-2790 1 Ioserver 1 Ioserver 2013-08-13 7.8 HIGH N/A
The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000.
CVE-2013-2204 2 Tinymce, Wordpress 2 Media, Wordpress 2013-08-13 4.3 MEDIUM N/A
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.
CVE-2013-2798 1 Selinc 4 Sel-2241, Sel-3505, Sel-3530 and 1 more 2013-08-12 4.7 MEDIUM N/A
Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.
CVE-2013-2792 1 Selinc 4 Sel-2241, Sel-3505, Sel-3530 and 1 more 2013-08-12 7.1 HIGH N/A
Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
CVE-2013-3580 1 Trustgo 1 Antivirus \& Mobile Security 2013-07-29 4.3 MEDIUM N/A
The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero arguments.
CVE-2013-3275 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2013-07-29 4.3 MEDIUM N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."