|
285451
|
6.1 |
MEDIUM
Network
|
videolan
opensuse
|
vlc_media_player
opensuse
|
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command p…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3565
|
2024-11-21 10:53 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285452
|
7.8 |
HIGH
Local
|
mpc-hc
|
mpc-hc
|
Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file
|
CWE-120
Classic Buffer Overflow
|
CVE-2013-3489
|
2024-11-21 10:53 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285453
|
7.8 |
HIGH
Local
|
mpc-hc
|
mpc-hc
|
Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file.
|
CWE-120
Classic Buffer Overflow
|
CVE-2013-3488
|
2024-11-21 10:53 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285454
|
7.2 |
HIGH
Network
|
netapp
|
oncommand_system_manager
|
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface.
|
CWE-78
OS Command
|
CVE-2013-3322
|
2024-11-21 10:53 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285455
|
7.5 |
HIGH
Network
|
netapp
|
oncommand_system_manager
|
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2013-3321
|
2024-11-21 10:53 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285456
|
6.1 |
MEDIUM
Network
|
netapp
|
oncommand_system_manager
|
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
|
CWE-79
Cross-site Scripting
|
CVE-2013-3320
|
2024-11-21 10:53 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285457
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
|
CWE-287
Improper Authentication
|
CVE-2013-3317
|
2024-11-21 10:53 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285458
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
|
CWE-287
Improper Authentication
|
CVE-2013-3316
|
2024-11-21 10:53 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285459
|
9.8 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
|
CWE-287
Improper Authentication
|
CVE-2013-3215
|
2024-11-21 10:53 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285460
|
9.8 |
CRITICAL
Network
|
vtiger
|
vtiger_crm
|
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
|
CWE-74
Injection
|
CVE-2013-3214
|
2024-11-21 10:53 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
