Search

Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6920 1 Siemens 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more 2025-04-11 N/A
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
CVE-2013-6922 1 Seagate 2 Blackarmor Nas 220, Blackarmor Nas 220 Firmware 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.
CVE-2013-6923 1 Seagate 2 Blackarmor Nas 220, Blackarmor Nas 220 Firmware 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.
CVE-2013-6925 1 Siemens 1 Ruggedcom Rugged Operating System 2025-04-11 N/A
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
CVE-2013-6926 1 Siemens 1 Ruggedcom Rugged Operating System 2025-04-11 N/A
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.
CVE-2013-6929 1 Cybozu 1 Garoon 2025-04-11 N/A
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
CVE-2013-6930 1 Cybozu 1 Garoon 2025-04-11 N/A
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVE-2013-6931 1 Cybozu 1 Garoon 2025-04-11 N/A
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVE-2013-6932 1 Irfanview 1 Irfanview 2025-04-11 N/A
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.
CVE-2013-6933 1 Live555 1 Streaming Media 2025-04-11 N/A
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
CVE-2013-6934 2 Live555, Videolan 2 Streaming Media, Vlc Media Player 2025-04-11 N/A
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
CVE-2013-6935 1 Videocharge 1 Watermark Master 2025-04-11 N/A
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
CVE-2013-6936 1 Mybb 1 Ajax Forum Stat 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
CVE-2013-6937 1 Videocharge 1 Watermark Master 2025-04-11 N/A
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
CVE-2013-6945 1 Osehra 1 Vista 2025-04-11 N/A
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
CVE-2013-6948 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-6949 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.
CVE-2013-6951 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.
CVE-2013-6952 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
CVE-2013-6953 1 Dotnetblogengine 1 Blogengine.net 2025-04-11 N/A
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.