| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
401 |
CVE-2013-1818 |
200 |
|
+Info |
2014-06-02 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. |
|
402 |
CVE-2013-1756 |
94 |
|
Exec Code |
2014-06-09 |
2018-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. |
|
403 |
CVE-2013-1412 |
94 |
2
|
Exec Code |
2014-06-02 |
2014-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. |
|
404 |
CVE-2013-1397 |
94 |
|
Exec Code |
2014-06-02 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. |
|
405 |
CVE-2013-1348 |
94 |
|
Exec Code |
2014-06-02 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. |
|
406 |
CVE-2013-1068 |
264 |
|
+Priv |
2014-06-19 |
2014-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability. |
|
407 |
CVE-2013-0733 |
|
|
Exec Code |
2014-06-05 |
2019-07-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file. |
|
408 |
CVE-2013-0304 |
264 |
|
CSRF |
2014-06-05 |
2014-06-05 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is. |
|
409 |
CVE-2013-0302 |
|
|
+Info |
2014-06-05 |
2014-06-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK. |
|
410 |
CVE-2013-0250 |
|
|
DoS |
2014-06-06 |
2014-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. |
|
411 |
CVE-2013-0204 |
94 |
|
Exec Code |
2014-06-04 |
2014-06-04 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. |
|
412 |
CVE-2013-0191 |
287 |
|
Bypass |
2014-06-03 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password. |
|
413 |
CVE-2012-6143 |
94 |
|
Exec Code |
2014-06-04 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. |
|
414 |
CVE-2012-6142 |
94 |
|
Exec Code |
2014-06-04 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. |
|
415 |
CVE-2012-6141 |
94 |
|
Exec Code |
2014-06-04 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized. |
|
416 |
CVE-2012-5583 |
310 |
|
|
2014-06-06 |
2019-12-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
|
417 |
CVE-2012-5395 |
|
|
|
2014-06-02 |
2014-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie. |
|
418 |
CVE-2012-5391 |
|
|
|
2014-06-02 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. |
|
419 |
CVE-2012-5390 |
264 |
|
+Priv |
2014-06-06 |
2014-06-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. |
|
420 |
CVE-2012-5336 |
20 |
|
|
2014-06-04 |
2014-06-04 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. |
|
421 |
CVE-2012-5106 |
119 |
1
|
Exec Code Overflow |
2014-06-20 |
2017-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command. |
|
422 |
CVE-2012-5057 |
|
|
Http R.Spl. |
2014-06-04 |
2014-06-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. |
|
423 |
CVE-2012-5056 |
79 |
|
XSS |
2014-06-04 |
2014-06-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php. |
|
424 |
CVE-2012-4728 |
|
|
DoS |
2014-06-05 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file. |
|
425 |
CVE-2012-3522 |
79 |
|
XSS |
2014-06-13 |
2014-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
426 |
CVE-2012-3521 |
22 |
|
Dir. Trav. |
2014-06-13 |
2014-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter. |
|
427 |
CVE-2012-2592 |
79 |
1
|
XSS |
2014-06-18 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. |
|
428 |
CVE-2012-2591 |
79 |
2
|
XSS |
2014-06-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email. |
|
429 |
CVE-2012-2580 |
79 |
1
|
XSS |
2014-06-20 |
2020-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email. |
|
430 |
CVE-2012-2579 |
79 |
1
|
XSS |
2014-06-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email. |
|
431 |
CVE-2012-2572 |
79 |
1
|
XSS |
2014-06-19 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. |
|
432 |
CVE-2012-2569 |
79 |
1
|
XSS |
2014-06-19 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. |
|
433 |
CVE-2012-2052 |
119 |
|
Exec Code Overflow |
2014-06-19 |
2014-06-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element. |
|
434 |
CVE-2012-1621 |
79 |
|
XSS |
2014-06-19 |
2018-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information. |
|
435 |
CVE-2012-0273 |
119 |
|
Exec Code Overflow |
2014-06-20 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c. |
|
436 |
CVE-2011-5280 |
119 |
|
DoS Overflow |
2014-06-02 |
2014-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp. |
|
437 |
CVE-2011-4821 |
22 |
|
Dir. Trav. |
2014-06-20 |
2014-06-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. |
|
438 |
CVE-2011-4367 |
22 |
|
Dir. Trav. |
2014-06-19 |
2020-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/. |
|
439 |
CVE-2011-3625 |
119 |
|
DoS Exec Code Overflow |
2014-06-11 |
2014-06-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file. |
|
440 |
CVE-2011-2592 |
119 |
|
Exec Code Overflow |
2014-06-18 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. |
|
441 |
CVE-2011-1381 |
264 |
|
Bypass |
2014-06-27 |
2014-06-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. |
|
442 |
CVE-2010-5301 |
119 |
1
|
Exec Code Overflow |
2014-06-13 |
2016-12-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request. |
|
443 |
CVE-2010-5300 |
119 |
1
|
DoS Exec Code Overflow |
2014-06-11 |
2014-06-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive. |
|
444 |
CVE-2010-5111 |
119 |
|
DoS Exec Code Overflow |
2014-06-16 |
2014-06-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe. |
|
445 |
CVE-2009-5023 |
59 |
|
|
2014-06-10 |
2014-06-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
Complete |
None |
|
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. |
