Search

Search Results (363335 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7137 1 Burden Project 1 Burden 2025-04-11 9.8 Critical
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
CVE-2013-7138 1 Horizon Quick Content Management System Project 1 Horizon Quick Content Management System 2025-04-11 N/A
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
CVE-2013-7139 1 Cynthia Fridsma 1 Horizon Quick Content Management System 2025-04-11 N/A
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
CVE-2013-7140 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.
CVE-2013-7141 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.
CVE-2013-7142 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.
CVE-2013-7143 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.
CVE-2013-7149 2 Openx, Revive-adserver 2 Openx, Revive Adserver 2025-04-11 N/A
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
CVE-2013-7174 1 Qnap 1 Qts 2025-04-11 N/A
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.
CVE-2013-7175 1 Avanset 1 Visual Certexam Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field.
CVE-2013-7176 1 Fail2ban 1 Fail2ban 2025-04-11 N/A
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
CVE-2013-7177 1 Fail2ban 1 Fail2ban 2025-04-11 N/A
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
CVE-2013-7179 1 Seowonintech 1 Swc-9100 2025-04-11 N/A
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.
CVE-2013-7181 1 Fortinet 1 Fortiweb 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2013-7182 1 Fortinet 1 Fortios 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter.
CVE-2013-7183 1 Seowonintech 1 Swc-9100 2025-04-11 N/A
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.
CVE-2013-7184 1 Gomlab 1 Gom Player 2025-04-11 N/A
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
CVE-2013-7186 1 Steinberg 1 Mymp3pro 2025-04-11 N/A
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
CVE-2013-7187 1 Ncrafts 1 Formcraft 2025-04-11 N/A
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-7188 1 Hostbillapp 1 Hostbill 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.