Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-05 | CVE-2012-4075 | OS Command Injection vulnerability in Cisco NX-OS. Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. | 7.2 |
2013-10-04 | CVE-2013-3689 | Permissions, Privileges, and Access Controls vulnerability in Brickcom products. Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier do not properly restrict access to configfile.dump, which allows remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action. | 7.8 |
2013-10-04 | CVE-2013-3543 | Permissions, Privileges, and Access Controls vulnerability in AXIS Media Control ActiveX Control 6.2.10.11. The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods. | 8.8 |
2013-10-04 | CVE-2013-3541 | Path Traversal vulnerability in Ovislink AirLive WL2600CAM. Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. | 7.8 |
2013-10-04 | CVE-2013-3540 | Cross-Site Request Forgery (CSRF) vulnerability in Ovislink products. Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users. | 6.8 |
2013-10-04 | CVE-2013-5091 | SQL Injection vulnerability in vTiger CRM. SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. | 6.5 |
2013-10-04 | CVE-2013-4986 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IconCool PDFCool Studio. Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file. | 6.8 |
2013-10-04 | CVE-2013-6044 | Cross-Site Scripting vulnerability in Djangoproject Django. The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. | 4.3 |
2013-10-04 | CVE-2013-6011 | Improper Input Validation vulnerability in Citrix products. Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. | 7.8 |
2013-10-04 | CVE-2013-5915 | Cryptographic Issues vulnerability in PolarSSL. The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. | 4.3 |