Export limit exceeded: 364243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6942 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-6943 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames. | ||||
| CVE-2013-6944 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6975 | 1 Cisco | 1 Nx-os | 2025-04-12 | N/A |
| Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | ||||
| CVE-2013-6994 | 1 Opentext | 1 Exceed Ondemand | 2025-04-12 | N/A |
| OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | ||||
| CVE-2013-7003 | 1 Livezilla | 1 Livezilla | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. | ||||
| CVE-2013-7033 | 1 Livezilla | 1 Livezilla | 2025-04-12 | N/A |
| LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | ||||
| CVE-2013-7034 | 1 Livezilla | 1 Livezilla | 2025-04-12 | N/A |
| The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. | ||||
| CVE-2013-7040 | 2 Apple, Python | 2 Mac Os X, Python | 2025-04-12 | N/A |
| Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. | ||||
| CVE-2013-7041 | 1 Cristian Gafton | 1 Pam Userdb | 2025-04-12 | N/A |
| The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | ||||
| CVE-2013-7057 | 1 Axway | 1 Securetransport | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/. | ||||
| CVE-2013-7060 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. | ||||
| CVE-2013-7061 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | ||||
| CVE-2013-7063 | 1 Invitation Project | 1 Invitation | 2025-04-12 | N/A |
| The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. | ||||
| CVE-2013-7064 | 1 Freelance-it-consultant | 1 Eu Cookie Compliance | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values. | ||||
| CVE-2013-7065 | 1 Organic Groups Project | 1 Organic Groups | 2025-04-12 | N/A |
| The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | ||||
| CVE-2013-7066 | 1 Entity Reference Project | 1 Entityreference | 2025-04-12 | N/A |
| The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. | ||||
| CVE-2013-7068 | 1 Organic Groups Project | 1 Organic Groups | 2025-04-12 | N/A |
| The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | ||||
| CVE-2013-7110 | 1 Transifex | 1 Transifex | 2025-04-12 | N/A |
| Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073. | ||||
| CVE-2013-7111 | 1 Basespace Ruby Sdk Project | 1 Basespace Ruby Sdk | 2025-04-12 | N/A |
| The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes. | ||||