CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1501 CVE-2013-4856 200 +Info 2019-10-25 2019-10-29
2.9
None Local Network Medium Not required Partial None None
D-Link DIR-865L has Information Disclosure.
1502 CVE-2013-4855 22 Dir. Trav. 2019-10-25 2019-10-29
7.9
None Local Network Medium Not required Complete Complete Complete
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
1503 CVE-2013-4848 352 CSRF 2019-10-25 2019-10-28
9.3
None Remote Medium Not required Complete Complete Complete
TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.
1504 CVE-2013-4658 22 Dir. Trav. 2019-10-25 2019-10-29
10.0
None Remote Low Not required Complete Complete Complete
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.
1505 CVE-2013-2075 120 DoS Overflow 2019-10-31 2019-11-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122.
1506 CVE-2013-2024 78 2019-10-31 2020-08-18
9.0
None Remote Low ??? Complete Complete Complete
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
1507 CVE-2013-2012 269 +Priv 2019-10-31 2020-08-18
4.4
None Local Medium Not required Partial Partial Partial
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.
1508 CVE-2013-1951 79 XSS 2019-10-31 2020-08-18
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names.
1509 CVE-2013-1945 829 2019-10-31 2019-11-06
2.1
None Local Low Not required None Partial None
ruby193 uses an insecure LD_LIBRARY_PATH setting.
1510 CVE-2013-1934 79 XSS 2019-10-31 2019-11-01
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
1511 CVE-2013-1932 79 XSS 2019-10-31 2019-11-06
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
1512 CVE-2013-1931 79 XSS 2019-10-31 2019-11-07
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
1513 CVE-2013-1930 20 2019-10-31 2019-11-07
4.0
None Remote Low ??? None Partial None
MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.
1514 CVE-2013-1910 20 DoS 2019-10-31 2020-08-18
7.5
None Remote Low Not required Partial Partial Partial
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.
1515 CVE-2013-1391 287 Bypass 2019-10-30 2019-11-05
5.0
None Remote Low Not required Partial None None
Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
1516 CVE-2012-6125 20 2019-10-31 2019-11-05
7.5
None Remote Low Not required Partial Partial Partial
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
1517 CVE-2012-6124 338 2019-10-31 2019-11-06
5.0
None Remote Low Not required None Partial None
A casting error in Chicken before 4.8.0 on 64-bit platforms caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)."
1518 CVE-2012-6123 20 2019-10-31 2019-11-08
5.0
None Remote Low Not required None Partial None
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack."
1519 CVE-2012-6122 120 DoS Overflow 2019-10-31 2019-11-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
1520 CVE-2012-5577 276 2019-10-28 2019-10-31
5.0
None Remote Low Not required Partial None None
Python keyring lib before 0.10 created keyring files with world-readable permissions.
1521 CVE-2012-2945 59 2019-10-29 2019-10-31
5.0
None Remote Low Not required None Partial None
Hadoop 1.0.3 contains a symlink vulnerability.
1522 CVE-2012-1187 273 2019-10-29 2019-10-31
7.5
None Remote Low Not required Partial Partial Partial
Bitlbee does not drop extra group privileges correctly in unix.c
1523 CVE-2012-0694 20 Exec Code 2019-10-29 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
1524 CVE-2012-0046 200 +Info 2019-10-29 2019-10-31
5.0
None Remote Low Not required Partial None None
mediawiki allows deleted text to be exposed
1525 CVE-2011-4931 521 2019-10-29 2019-11-01
5.0
None Remote Low Not required None Partial None
gpw generates shorter passwords than required
1526 CVE-2011-2538 74 Exec Code 2019-10-29 2019-11-01
9.0
None Remote Low ??? Complete Complete Complete
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.
1527 CVE-2011-1408 59 2019-10-29 2020-08-18
6.4
None Remote Low Not required Partial Partial None
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
1528 CVE-2011-0428 79 XSS 2019-10-29 2019-11-01
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
1529 CVE-2010-5340 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
1530 CVE-2010-5339 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
1531 CVE-2010-5338 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
1532 CVE-2010-5337 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
1533 CVE-2010-5336 79 XSS 2019-10-11 2019-10-15
4.3
None Remote Medium Not required None Partial None
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
1534 CVE-2010-5335 22 Dir. Trav. 2019-10-11 2019-10-16
7.8
None Remote Low Not required Complete None None
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
1535 CVE-2010-5334 22 Dir. Trav. 2019-10-11 2019-10-17
7.8
None Remote Low Not required Complete None None
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
1536 CVE-2010-4245 79 XSS 2019-10-28 2019-11-01
4.3
None Remote Medium Not required None Partial None
pootle 2.0.5 has XSS via 'match_names' parameter
1537 CVE-2010-4241 352 CSRF 2019-10-28 2019-10-29
6.8
None Remote Medium Not required Partial Partial Partial
Tiki Wiki CMS Groupware 5.2 has CSRF
1538 CVE-2010-4240 79 XSS 2019-10-28 2019-10-29
4.3
None Remote Medium Not required None Partial None
Tiki Wiki CMS Groupware 5.2 has XSS
1539 CVE-2010-4239 20 File Inclusion 2019-10-28 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
1540 CVE-2010-4237 295 2019-10-29 2019-10-31
4.3
None Remote Medium Not required None Partial None
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
1541 CVE-2010-3375 20 Exec Code 2019-10-29 2019-11-01
7.5
None Remote Low Not required Partial Partial Partial
qtparted has insecure library loading which may allow arbitrary code execution
1542 CVE-2010-3373 20 2019-10-29 2019-11-01
2.1
None Local Low Not required None Partial None
paxtest handles temporary files insecurely
1543 CVE-2010-3293 20 2019-10-28 2019-10-30
2.1
None Local Low Not required None Partial None
mailscanner can allow local users to prevent virus signatures from being updated
1544 CVE-2010-2783 200 +Info 2019-10-31 2019-11-04
6.4
None Remote Low Not required Partial Partial None
IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.
1545 CVE-2010-2548 863 2019-10-31 2019-11-04
6.4
None Remote Low Not required Partial Partial None
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.
1546 CVE-2010-2490 20 2019-10-31 2019-11-06
4.0
None Remote Low ??? None None Partial
Mumble: murmur-server has DoS due to malformed client query
1547 CVE-2010-2064 59 +Priv 2019-10-29 2019-11-05
3.6
None Local Low Not required Partial Partial None
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
1548 CVE-2010-2061 20 2019-10-29 2019-11-05
7.2
None Local Low Not required Complete Complete Complete
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
1549 CVE-2010-1678 20 2019-10-29 2021-06-01
5.0
None Remote Low Not required None None Partial
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
1550 CVE-2010-1673 79 XSS 2019-10-30 2019-10-31
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
Total number of vulnerabilities: 1567 (page 31 of 32)