|
287871
|
8.8 |
HIGH
Network
|
user_photo_project
|
user_photo
|
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (ex…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2013-1916
|
2024-11-21 10:50 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287872
|
6.5 |
MEDIUM
Network
|
opencart
|
opencart
|
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
|
CWE-22
Path Traversal
|
CVE-2013-1891
|
2024-11-21 10:50 |
2022-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287873
|
9.8 |
CRITICAL
Network
|
starwindsoftware
|
iscsi_san
|
A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by tr…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2013-20004
|
2024-11-21 10:50 |
2022-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287874
|
8.3 |
HIGH
Adjacent
|
silabs
|
zgm130s037hgn_firmware
zm5202_firmware
zm5101_firmware
zgm2305a27hgn_firmware
zgm230sb27hgn_firmware
|
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2013-20003
|
2024-11-21 10:50 |
2022-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287875
|
9.8 |
CRITICAL
Network
|
themify
|
framework
|
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2013-20002
|
2024-11-21 10:50 |
2021-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287876
|
7.5 |
HIGH
Network
|
openzfs
|
openzfs
|
An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is all…
|
NVD-CWE-noinfo
|
CVE-2013-20001
|
2024-11-21 10:50 |
2021-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287877
|
7.5 |
HIGH
Network
|
python
|
python
|
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
|
NVD-CWE-noinfo
|
CVE-2013-1753
|
2024-11-21 10:50 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287878
|
9.8 |
CRITICAL
Network
|
berkeley
|
boinc
|
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2013-2018
|
2024-11-21 10:50 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287879
|
7.5 |
HIGH
Network
|
intel
|
82574l_controller_firmware
|
A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing…
|
CWE-665
Improper Initialization
|
CVE-2013-1634
|
2024-11-21 10:50 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287880
|
6.1 |
MEDIUM
Network
|
zimbra
|
zimbra
|
Zimbra 2013 has XSS in aspell.php
|
CWE-79
Cross-site Scripting
|
CVE-2013-1938
|
2024-11-21 10:50 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
