Search

Search Results (363296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6026 3 Alphanetworks, Dlink, Planex 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more 2025-04-11 N/A
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
CVE-2013-6027 1 Dlink 1 Dir-100 2025-04-11 N/A
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
CVE-2013-6028 1 Atmail 1 Atmail 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.
CVE-2013-6029 1 Att 1 Connect Participant Application 2025-04-11 N/A
Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.
CVE-2013-6030 1 Emerson 1 Network Power Avocent Mergepoint Unity 2016 Firmware 2025-04-11 N/A
Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.
CVE-2013-6032 1 Lexmark 23 25xxn, C52x, C53x and 20 more 2025-04-11 N/A
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.
CVE-2013-6033 1 Lexmark 9 C52x, C53x, C920 and 6 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.
CVE-2013-6034 6 Gatehouse, Harris, Hughes Network Systems and 3 more 9 Gatehouse, Bgan, 9201 and 6 more 2025-04-11 N/A
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.
CVE-2013-6035 6 Gatehouse, Harris, Hughes Network Systems and 3 more 9 Gatehouse, Bgan, 9201 and 6 more 2025-04-11 N/A
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.
CVE-2013-6038 1 Trimble 1 Sketchup Viewer 2025-04-11 N/A
Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code via a crafted .SKP file.
CVE-2013-6039 1 Nagiosql 1 Nagiosql 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionality in functions/content_class.php.
CVE-2013-6040 1 Mw6tech 3 Aztec Activex Control, Datamatrix Activex Control, Maxicode Activex Control 2025-04-11 8.1 High
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue
CVE-2013-6042 1 Softaculous 1 Webuzo 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2013-6044 2 Djangoproject, Redhat 2 Django, Openstack 2025-04-11 N/A
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme.
CVE-2013-6045 2 Redhat, Uclouvain 2 Enterprise Linux, Openjpeg 2025-04-11 N/A
Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-6047 1 Ikiwiki Hosting Project 1 Ikiwiki Hosting 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the site creation interface in ikiwiki-hosting before 0.20131025 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6048 1 Munin-monitoring 1 Munin 2025-04-11 N/A
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
CVE-2013-6050 1 Twibright 1 Links 2025-04-11 N/A
Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.
CVE-2013-6051 1 Quagga 1 Quagga 2025-04-11 N/A
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.
CVE-2013-6052 2 Redhat, Uclouvain 2 Enterprise Linux, Openjpeg 2025-04-11 N/A
OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.