Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-05 | CVE-2013-7003 | Cross-Site Scripting vulnerability in Livezilla Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | 4.3 |
2014-05-05 | CVE-2013-6444 | Improper Input Validation vulnerability in Pywbem Project Pywbem PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2014-05-05 | CVE-2013-6418 | Improper Input Validation vulnerability in Pywbem Project Pywbem PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. | 5.8 |
2014-05-05 | CVE-2013-4215 | Link Following vulnerability in Nagios Plugins 1.4.16 The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | 4.4 |
2014-05-05 | CVE-2013-3736 | Cross-Site Scripting vulnerability in Bestpractical Request Tracker and Rt-Extension-Mobileui Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file. | 4.3 |
2014-05-05 | CVE-2013-1803 | SQL Injection vulnerability in PHP-Fusion Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. | 7.5 |
2014-05-05 | CVE-2013-0350 | Link Following vulnerability in David Leonard Pkstat 1.8.5 tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | 6.3 |
2014-05-05 | CVE-2010-5109 | Numeric Errors vulnerability in multiple products Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. | 4.3 |
2014-05-05 | CVE-2014-2916 | Cross-Site Request Forgery (CSRF) vulnerability in PHPlist Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | 6.8 |
2014-05-05 | CVE-2014-0469 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Debian Xbuffy Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines. | 6.8 |