Search

Search Results (364785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6805 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.
CVE-2013-6806 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.
CVE-2013-6807 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
CVE-2013-6825 1 Offis 1 Dcmtk 2025-04-12 N/A
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
CVE-2013-6835 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
CVE-2013-6892 2 Debian, Websvn 2 Debian Linux, Websvn 2025-04-12 N/A
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
CVE-2013-6919 1 Phpthumb Project 1 Phpthumb 2025-04-12 N/A
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
CVE-2013-6990 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
CVE-2013-6939 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to "RADIUS authentication."
CVE-2013-6941 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors.
CVE-2013-6942 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-6943 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.
CVE-2013-6944 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6975 1 Cisco 1 Nx-os 2025-04-12 N/A
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
CVE-2013-6994 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.
CVE-2013-7003 1 Livezilla 1 Livezilla 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.
CVE-2013-7033 1 Livezilla 1 Livezilla 2025-04-12 N/A
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.
CVE-2013-7034 1 Livezilla 1 Livezilla 2025-04-12 N/A
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
CVE-2013-7040 2 Apple, Python 2 Mac Os X, Python 2025-04-12 N/A
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
CVE-2013-7041 1 Cristian Gafton 1 Pam Userdb 2025-04-12 N/A
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.