CVE-2013-3841

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Web Services...

CVE-2013-1189

Cisco Universal Broadband aka uBR 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service routing-engine reload via unspecified changes to IP address assignments, aka Bug ID CSCue15313...

CVE-2013-1203

Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service device reload via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Security Appliances ASA device, aka Bug ID CSCue88386...

CVE-2013-4746

Cross-site scripting XSS vulnerability in the My quiz and poll myquizpoll extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-4626

Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injecti...

CVE-2013-0332

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 view, 2 request, or 3 action parameter...

CVE-2019-5985

Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005...

CVE-2019-19085

A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...

CVE-2019-13529

An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which...

CVE-2011-4768

The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving...

CVE-2011-4364

Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service crash and possibly...

CVE-2011-4699

The Ubermedia Twidroyd Legacy com.twidroydlegacy application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application...

CVE-2013-4708

The PPP Access Concentrator PPPAC in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows...

CVE-2018-20380

Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

CVE-2019-13488

A cross-site scripting XSS vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend method is used...

CVE-2019-3985

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...

CVE-2018-20389

D-Link DCM-604 DCM604C1ViaCabo1.0420130606 and DCM-704 EUDCM-7041.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

CVE-2018-13448

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the countryid parameter...

CVE-2018-17022

Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.38432738 allows remote attackers to cause a denial of service device crash or possibly have unspecified other impact by setting a long shpath0 value and then sending an appGet.cgi?hook=selectlist"StoragexSharedPath" request,...