Search

Search Results (363303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5666 1 Freebsd 1 Freebsd 2025-04-11 N/A
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.
CVE-2013-5667 1 Thecus 2 N8800 Nas Server, N8800 Nas Server Firmware 2025-04-11 N/A
The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter.
CVE-2013-5668 1 Thecus 2 N8800 Nas Server, N8800 Nas Server Firmware 2025-04-11 N/A
The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content.
CVE-2013-5669 1 Thecus 2 N8800 Nas Server, N8800 Nas Server Firmware 2025-04-11 N/A
The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-5670 1 S9y 1 Serendipity 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.
CVE-2013-5672 2 Indianic, Wordpress 2 Testimonial Plugin, Wordpress 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php.
CVE-2013-5673 2 Indianic, Wordpress 2 Testimonial Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.
CVE-2013-5674 1 Moodle 1 Moodle 2025-04-11 N/A
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
CVE-2013-5676 1 Sonarsource 2 Jenkins Plugin, Sonarqube 2025-04-11 N/A
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
CVE-2013-5679 1 Owasp 1 Enterprise Security Api 2025-04-11 N/A
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
CVE-2013-5688 1 Ajaxplorer 1 Ajaxplorer 2025-04-11 N/A
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action.
CVE-2013-5690 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
CVE-2013-5691 1 Freebsd 1 Freebsd 2025-04-11 N/A
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application.
CVE-2013-5692 1 X2engine 1 X2crm 2025-04-11 N/A
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
CVE-2013-5693 1 X2engine 1 X2crm 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
CVE-2013-5694 1 Opsview 1 Opsview 2025-04-11 N/A
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.
CVE-2013-5695 1 Opsview 1 Opsview 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.
CVE-2013-5696 1 Glpi-project 1 Glpi 2025-04-11 N/A
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
CVE-2013-5697 2 Apache, Simone Tellini 2 Http Server, Mod Accounting 2025-04-11 N/A
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2013-5698 1 Open-xchange 2 Open-xchange Appsuite, Open-xchange Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.