Search

Search Results (364661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7064 1 Freelance-it-consultant 1 Eu Cookie Compliance 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.
CVE-2013-7065 1 Organic Groups Project 1 Organic Groups 2025-04-12 N/A
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
CVE-2013-7066 1 Entity Reference Project 1 Entityreference 2025-04-12 N/A
The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.
CVE-2013-7068 1 Organic Groups Project 1 Organic Groups 2025-04-12 N/A
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
CVE-2013-7110 1 Transifex 1 Transifex 2025-04-12 N/A
Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.
CVE-2013-7111 1 Basespace Ruby Sdk Project 1 Basespace Ruby Sdk 2025-04-12 N/A
The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.
CVE-2013-7134 1 Phusion 1 Juvia 2025-04-12 N/A
Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.
CVE-2013-7144 3 Apple, Linecorp, Microsoft 3 Mac Os X, Line, Windows 2025-04-12 N/A
LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-7180 1 Cobham 9 Aviator 200, Aviator 300, Aviator 350 and 6 more 2025-04-12 N/A
Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code.
CVE-2013-7234 1 Simplemachines 1 Simple Machines Forum 2025-04-12 N/A
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
CVE-2013-7195 1 Phpfox 1 Phpfox 2025-04-12 N/A
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
CVE-2013-7220 1 Gnome 1 Gnome-shell 2025-04-12 N/A
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
CVE-2013-7221 1 Gnome 1 Gnome-shell 2025-04-12 N/A
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
CVE-2013-7235 1 Simplemachines 1 Simple Machines Forum 2025-04-12 N/A
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.
CVE-2013-7236 1 Simplemachines 1 Simple Machines Forum 2025-04-12 N/A
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
CVE-2013-7252 1 Kde 1 Kde Applications 2025-04-12 N/A
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
CVE-2013-7259 1 Neo4j 1 Neo4j 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.
CVE-2013-7273 1 Gnome 1 Gnome Display Manager 2025-04-12 N/A
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.
CVE-2013-7323 1 Vinay Sajip 1 Python-gnupg 2025-04-12 N/A
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVE-2013-7329 1 Perl 1 Cgi Application Module 2025-04-12 N/A
The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.