Total: 3717 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1867 | 1 Suphp | 1 Suphp | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | |||||
CVE-2014-125060 | 1 Collabcal Project | 1 Collabcal | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. | |||||
CVE-2014-10389 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | |||||
CVE-2014-10067 | 1 Paypal-ipn Project | 1 Paypal-ipn | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production. | |||||
CVE-2014-0927 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. | |||||
CVE-2013-7465 | 1 Icecoldapps | 1 Servers Ultimate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts. | |||||
CVE-2013-7051 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters | |||||
CVE-2013-6360 | 1 Trendnet | 2 Ts-s402, Ts-s402 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
TRENDnet TS-S402 has a backdoor to enable TELNET. | |||||
CVE-2013-5582 | 1 Ammyy | 1 Ammyy Admin | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. | |||||
CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||
CVE-2013-5122 | 1 Cisco | 8 Linksys E4200, Linksys E4200 Firmware, Linksys Ea2700 and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access | |||||
CVE-2013-5116 | 1 Evernote | 1 Evernote | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
Evernote prior to 5.5.1 has insecure password change | |||||
CVE-2013-5114 | 1 Logmein | 1 Lastpass | 2024-11-21 | 6.6 MEDIUM | 6.1 MEDIUM |
LastPass prior to 2.5.1 allows secure wipe bypass. | |||||
CVE-2013-5112 | 1 Evernote | 1 Evernote | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
Evernote before 5.5.1 has insecure PIN storage | |||||
CVE-2013-4982 | 1 Avtech | 2 Avn801 Dvr, Avn801 Dvr Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
AVTECH AVN801 DVR has a security bypass via the administration login captcha | |||||
CVE-2013-4976 | 1 Hikvision | 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials | |||||
CVE-2013-4863 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. | |||||
CVE-2013-4621 | 1 Magdevgroup | 1 Magnolia Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | |||||
CVE-2013-4593 | 1 Omniauth-facebook Project | 1 Omniauth-facebook | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
RubyGem omniauth-facebook has an access token security vulnerability | |||||
CVE-2013-4462 | 1 Portable Phpmyadmin Project | 1 Portable Phpmyadmin | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability |