Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-06-02 | CVE-2013-3258 | Cross-Site Request Forgery (CSRF) vulnerability in Bufferapp Digg: Cross-site request forgery (CSRF) vulnerability in the Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors. | 6.8 |
2014-06-02 | CVE-2013-3257 | Cross-Site Request Forgery (CSRF) vulnerability in Zemanta Related Posts: Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors. | 6.8 |
2014-06-02 | CVE-2013-2710 | Cross-Site Request Forgery (CSRF) vulnerability in Ajaydsouza Contextual Related Posts: Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors. | 6.8 |
2014-06-02 | CVE-2013-2019 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ROM Walton Boinc 6.10.58/6.12.34: Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. | 9.3 |
2014-06-02 | CVE-2013-2014 | Improper Input Validation vulnerability in multiple products: OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | 5.0 |
2014-06-02 | CVE-2013-1818 | Information Exposure vulnerability in Mediawiki: maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2014-06-02 | CVE-2013-1412 | Code Injection vulnerability in Dleviet Datalife Engine 9.7: DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | 7.5 |
2014-06-02 | CVE-2013-1397 | Code Injection vulnerability in Sensiolabs Symfony: Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allows remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. | 7.5 |
2014-06-02 | CVE-2013-1348 | Code Injection vulnerability in Sensiolabs Symfony: The Yaml::parse function in Symfony 2.0.x before 2.0.22 allows remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. | 7.5 |
2014-06-02 | CVE-2012-5395 | Session Fixation vulnerability in MediaWiki CentralAuth Extension: Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. | 6.8 |