CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2020

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1201 CVE-2013-7098 787 Overflow 2020-02-13 2020-02-20
7.5
None Remote Low Not required Partial Partial Partial
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
1202 CVE-2013-7055 522 2020-02-04 2020-02-04
5.0
None Remote Low Not required Partial None None
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
1203 CVE-2013-7054 79 XSS 2020-02-04 2020-02-04
4.3
None Remote Medium Not required None Partial None
D-Link DIR-100 4.03B07: cli.cgi XSS
1204 CVE-2013-7053 352 CSRF 2020-02-04 2020-02-04
6.8
None Remote Medium Not required Partial Partial Partial
D-Link DIR-100 4.03B07: cli.cgi CSRF
1205 CVE-2013-7052 522 Bypass 2020-02-04 2020-02-04
5.0
None Remote Low Not required Partial None None
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script
1206 CVE-2013-7051 287 1 Bypass 2020-02-04 2020-02-04
6.8
None Remote Medium Not required Partial Partial Partial
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
1207 CVE-2013-6927 Bypass 2020-02-13 2020-02-20
2.1
None Local Low Not required None Partial None
Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account.
1208 CVE-2013-6681 200 +Info 2020-02-12 2020-02-24
4.3
None Remote Medium Not required Partial None None
Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability
1209 CVE-2013-6362 798 2020-02-13 2020-02-24
5.0
None Remote Low Not required Partial None None
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.
1210 CVE-2013-6360 287 2020-02-13 2020-02-26
5.0
None Remote Low Not required None Partial None
TRENDnet TS-S402 has a backdoor to enable TELNET.
1211 CVE-2013-6295 269 2020-02-18 2020-02-21
7.5
None Remote Low Not required Partial Partial Partial
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
1212 CVE-2013-6277 798 2020-02-13 2020-02-28
5.0
None Remote Low Not required Partial None None
QNAP VioCard 300 has hardcoded RSA private keys.
1213 CVE-2013-6236 798 2020-02-12 2020-02-25
10.0
None Remote Low Not required Complete Complete Complete
IZON IP 2.0.2: hard-coded password vulnerability
1214 CVE-2013-6022 79 Exec Code XSS 2020-02-12 2020-02-18
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
1215 CVE-2013-5988 79 XSS 2020-02-11 2020-02-12
4.3
None Remote Medium Not required None Partial None
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.
1216 CVE-2013-5945 89 1 Exec Code Sql 2020-02-11 2021-04-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
1217 CVE-2013-5687 200 +Info 2020-02-14 2020-02-20
5.0
None Remote Low Not required Partial None None
RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure.
1218 CVE-2013-5594 1021 2020-02-18 2020-02-28
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding
1219 CVE-2013-5582 287 Bypass 2020-02-11 2020-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.
1220 CVE-2013-5212 79 XSS 2020-02-14 2020-02-24
4.3
None Remote Medium Not required None Partial None
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file.
1221 CVE-2013-5106 20 Exec Code 2020-02-12 2020-02-19
6.8
None Remote Medium Not required Partial Partial Partial
A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19.
1222 CVE-2013-4792 352 CSRF 2020-02-14 2020-02-18
3.5
None Remote Medium ??? None None Partial
PrestaShop before 1.4.11 allows logout CSRF.
1223 CVE-2013-4791 79 XSS 2020-02-14 2020-02-18
3.5
None Remote Medium ??? None Partial None
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
1224 CVE-2013-4602 400 DoS 2020-02-12 2020-02-18
7.1
None Remote Medium Not required None None Complete
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
1225 CVE-2013-4572 384 2020-02-06 2020-02-10
5.0
None Remote Low Not required None Partial None
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.
1226 CVE-2013-4535 20 2020-02-11 2020-02-13
7.2
None Local Low Not required Complete Complete Complete
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
1227 CVE-2013-4521 502 Exec Code 2020-02-06 2020-02-13
7.5
None Remote Low Not required Partial Partial Partial
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.
1228 CVE-2013-4454 287 Bypass 2020-02-18 2020-02-21
6.4
None Remote Low Not required Partial Partial None
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities
1229 CVE-2013-4395 79 XSS 2020-02-12 2020-02-21
4.3
None Remote Medium Not required None Partial None
Simple Machines Forum (SMF) through 2.0.5 has XSS
1230 CVE-2013-4335 776 2020-02-07 2020-02-11
7.5
None Remote Low Not required Partial Partial Partial
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
1231 CVE-2013-4334 611 2020-02-07 2020-02-11
7.5
None Remote Low Not required Partial Partial Partial
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities
1232 CVE-2013-4267 78 Exec Code 2020-02-11 2020-02-12
10.0
None Remote Low Not required Complete Complete Complete
Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).
1233 CVE-2013-4228 863 2020-02-18 2020-02-26
4.0
None Remote Low ??? Partial None None
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
1234 CVE-2013-4227 352 CSRF 2020-02-18 2020-02-27
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type.
1235 CVE-2013-4226 862 +Info 2020-02-18 2020-02-26
4.0
None Remote Low ??? Partial None None
The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.
1236 CVE-2013-4225 79 Exec Code XSS 2020-02-11 2020-02-27
6.8
None Remote Medium Not required Partial Partial Partial
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
1237 CVE-2013-4211 94 1 Exec Code 2020-02-14 2020-02-19
7.5
None Remote Low Not required Partial Partial Partial
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
1238 CVE-2013-4166 200 +Info 2020-02-06 2020-02-10
5.0
None Remote Low Not required Partial None None
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
1239 CVE-2013-4090 2020-02-12 2022-06-21
5.0
None Remote Low Not required None Partial None
Varnish HTTP cache before 3.0.4: ACL bug
1240 CVE-2013-4088 200 +Info 2020-02-21 2020-02-26
4.0
None Remote Low ??? Partial None None
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
1241 CVE-2013-3942 426 Exec Code 2020-02-11 2020-02-14
6.8
None Remote Medium Not required Partial Partial Partial
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability
1242 CVE-2013-3738 20 Exec Code File Inclusion 2020-02-17 2020-02-20
7.5
None Remote Low Not required Partial Partial Partial
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
1243 CVE-2013-3725 Exec Code 2020-02-12 2020-02-25
7.5
None Remote Low Not required Partial Partial Partial
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
1244 CVE-2013-3722 835 DoS 2020-02-17 2020-02-20
5.0
None Remote Low Not required None None Partial
A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.
1245 CVE-2013-3685 362 2020-02-12 2020-02-19
6.9
None Local Medium Not required Complete Complete Complete
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.
1246 CVE-2013-3684 434 2020-02-11 2020-02-13
10.0
None Remote Low Not required Complete Complete Complete
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
1247 CVE-2013-3638 89 Exec Code Sql 2020-02-06 2020-02-12
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
1248 CVE-2013-3637 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
ProjectPier 0.8.8 does not use the Secure flag for cookies
1249 CVE-2013-3636 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag
1250 CVE-2013-3635 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
ProjectPier 0.8.8 has stored XSS
Total number of vulnerabilities: 1395 (page 25 of 28)