Search

Search Results (363299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5706 1 Trivantis 1 Coursemill Learning Management System 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) > (greater than) characters that are optional within a browser's HTML implementation, a different issue than CVE-2013-3603.
CVE-2013-5707 1 Trivantis 1 Coursemill Learning Management System 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence, a different issue than CVE-2013-3604.
CVE-2013-5708 1 Trivantis 1 Coursemill Learning Management System 2025-04-11 N/A
Coursemill Learning Management System (LMS) 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605.
CVE-2013-5709 1 Siemens 9 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200rna and 6 more 2025-04-11 N/A
The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.
CVE-2013-5710 1 Freebsd 1 Freebsd 2025-04-11 N/A
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.
CVE-2013-5711 1 Slickremix 1 Design Approval System Plugin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
CVE-2013-5715 1 Gomlab 1 Gom Player 2025-04-11 N/A
Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors.
CVE-2013-5716 1 Gomlab 1 Gom Player 2025-04-11 N/A
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
CVE-2013-5717 1 Wireshark 1 Wireshark 2025-04-11 N/A
The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.
CVE-2013-5718 1 Wireshark 1 Wireshark 2025-04-11 N/A
The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-5719 1 Wireshark 1 Wireshark 2025-04-11 N/A
epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVE-2013-5720 1 Wireshark 1 Wireshark 2025-04-11 N/A
Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-5721 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-5722 1 Wireshark 1 Wireshark 2025-04-11 N/A
Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-5723 1 Sap 1 Netweaver 2025-04-11 N/A
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
CVE-2013-5724 1 Debian 1 Phpbb3 2025-04-11 N/A
Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.
CVE-2013-5725 1 Metaclassy 1 Byword 2025-04-11 N/A
The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL.
CVE-2013-5726 1 Tapbots 1 Tweetbot 2025-04-11 N/A
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
CVE-2013-5730 1 Dlink 2 Dsl-2740b, Dsl-2740b Firmware 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
CVE-2013-5738 1 Wordpress 1 Wordpress 2025-04-11 N/A
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.