CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2013-3629 1 Exec Code 2020-02-07 2020-02-10
6.5
None Remote Low ??? Partial Partial Partial
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
1252 CVE-2013-3628 74 1 Exec Code 2020-02-07 2020-02-10
6.5
None Remote Low ??? Partial Partial Partial
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
1253 CVE-2013-3591 434 1 Exec Code 2020-02-07 2020-02-11
6.5
None Remote Low ??? Partial Partial Partial
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
1254 CVE-2013-3587 200 +Info 2020-02-21 2022-01-01
4.3
None Remote Medium Not required Partial None None
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
1255 CVE-2013-3568 352 1 CSRF 2020-02-06 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
1256 CVE-2013-3564 200 +Info 2020-02-06 2020-02-12
5.0
None Remote Low Not required Partial None None
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
1257 CVE-2013-3551 200 +Info 2020-02-21 2020-02-26
4.0
None Remote Low ??? Partial None None
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
1258 CVE-2013-3494 426 Exec Code 2020-02-12 2020-02-18
9.3
None Remote Medium Not required Complete Complete Complete
A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code.
1259 CVE-2013-3323 269 2020-02-18 2020-02-21
6.8
None Remote Medium Not required Partial Partial Partial
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
1260 CVE-2013-3096 287 2020-02-07 2020-02-10
4.3
None Remote Medium Not required None Partial None
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.
1261 CVE-2013-3091 287 Bypass 2020-02-07 2020-02-10
10.0
None Remote Low Not required Complete Complete Complete
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."
1262 CVE-2013-3067 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.
1263 CVE-2013-2684 79 XSS 2020-02-06 2020-02-07
4.3
None Remote Medium Not required None Partial None
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1264 CVE-2013-2683 200 +Info 2020-02-06 2020-02-07
5.0
None Remote Low Not required Partial None None
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
1265 CVE-2013-2682 1021 +Info 2020-02-05 2020-02-07
4.3
None Remote Medium Not required Partial None None
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
1266 CVE-2013-2681 287 Bypass 2020-02-05 2020-02-07
4.3
None Remote Medium Not required Partial None None
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.
1267 CVE-2013-2680 312 +Info 2020-02-05 2020-02-07
5.0
None Remote Low Not required Partial None None
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
1268 CVE-2013-2679 79 XSS 2020-02-18 2020-02-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
1269 CVE-2013-2678 74 1 Exec Code +Info 2020-02-04 2020-02-07
6.8
None Remote Medium Not required Partial Partial Partial
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
1270 CVE-2013-2676 200 +Info 2020-02-04 2020-02-12
5.0
None Remote Low Not required Partial None None
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information.
1271 CVE-2013-2675 1021 +Info 2020-02-05 2020-02-11
4.3
None Remote Medium Not required Partial None None
Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information.
1272 CVE-2013-2674 200 +Info 2020-02-03 2020-02-05
5.0
None Remote Low Not required Partial None None
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.
1273 CVE-2013-2673 863 Bypass 2020-02-03 2020-02-05
4.6
None Local Low Not required Partial Partial Partial
Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.
1274 CVE-2013-2672 522 2020-02-03 2020-02-05
5.0
None Remote Low Not required Partial None None
Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.
1275 CVE-2013-2646 DoS 2020-02-03 2020-02-06
5.0
None Remote Low Not required None None Partial
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.
1276 CVE-2013-2637 79 1 Exec Code XSS 2020-02-12 2020-02-18
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
1277 CVE-2013-2631 200 +Info 2020-02-03 2020-02-05
5.0
None Remote Low Not required Partial None None
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
1278 CVE-2013-2624 200 +Info 2020-02-03 2020-02-04
5.0
None Remote Low Not required Partial None None
Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.
1279 CVE-2013-2623 79 XSS 2020-02-03 2020-02-04
4.3
None Remote Medium Not required None Partial None
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.
1280 CVE-2013-2622 79 XSS 2020-02-03 2020-02-04
4.3
None Remote Medium Not required None Partial None
Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.
1281 CVE-2013-2621 601 2020-02-03 2020-02-04
5.8
None Remote Medium Not required Partial Partial None
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
1282 CVE-2013-2213 327 2020-02-11 2020-02-24
2.1
None Local Low Not required None Partial None
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
1283 CVE-2013-2120 287 Bypass 2020-02-11 2020-02-21
2.1
None Local Low Not required Partial None None
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
1284 CVE-2013-2109 352 Exec Code 2020-02-10 2020-02-24
6.8
None Remote Medium Not required Partial Partial Partial
WordPress plugin wp-cleanfix has Remote Code Execution
1285 CVE-2013-2108 352 CSRF 2020-02-10 2020-02-18
4.3
None Remote Medium Not required None Partial None
WordPress WP Cleanfix Plugin 2.4.4 has CSRF
1286 CVE-2013-2097 1 Exec Code 2020-02-12 2020-02-24
9.3
None Remote Medium Not required Complete Complete Complete
ZPanel through 10.1.0 has Remote Command Execution
1287 CVE-2013-2057 434 2020-02-11 2020-02-14
7.5
None Remote Low Not required Partial Partial Partial
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability
1288 CVE-2013-2018 89 Exec Code Sql 2020-02-20 2020-02-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
1289 CVE-2013-2010 74 1 Exec Code 2020-02-12 2020-02-14
7.5
None Remote Low Not required Partial Partial Partial
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
1290 CVE-2013-2009 Exec Code 2020-02-07 2020-02-10
6.8
None Remote Medium Not required Partial Partial Partial
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
1291 CVE-2013-2008 79 XSS 2020-02-07 2020-02-10
4.3
None Remote Medium Not required None Partial None
WordPress Super Cache Plugin 1.3 has XSS.
1292 CVE-2013-1938 79 XSS 2020-02-12 2020-02-25
4.3
None Remote Medium Not required None Partial None
Zimbra 2013 has XSS in aspell.php
1293 CVE-2013-1924 Bypass 2020-02-12 2020-02-19
5.0
None Remote Low Not required None Partial None
Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2
1294 CVE-2013-1760 79 XSS 2020-02-11 2020-02-12
4.3
None Remote Medium Not required None Partial None
The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities
1295 CVE-2013-1634 665 DoS 2020-02-13 2020-02-27
7.8
None Remote Low Not required None None Complete
A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image.
1296 CVE-2013-1607 20 Exec Code 2020-02-11 2020-02-14
7.5
None Remote Low Not required Partial Partial Partial
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
1297 CVE-2013-1422 203 2020-02-04 2020-02-11
5.0
None Remote Low Not required Partial None None
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
1298 CVE-2013-1410 79 XSS 2020-02-12 2020-02-14
4.3
None Remote Medium Not required None Partial None
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
1299 CVE-2013-1401 89 Sql Bypass 2020-02-13 2020-02-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.
1300 CVE-2013-1400 89 Exec Code Sql 2020-02-13 2020-02-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.
Total number of vulnerabilities: 1395. Page 26 of 28.