Export limit exceeded: 363345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363345 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4951 | 1 Mintboard | 1 Mintboard | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php. | ||||
| CVE-2013-4952 | 1 Elemata | 1 Elemata Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-4953 | 1 Topgames | 1 Top Games Script | 2025-04-11 | N/A |
| SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | ||||
| CVE-2013-4954 | 2 Genetechsolutions, Wordpress | 2 Pie-register, Wordpress | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-4955 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter. | ||||
| CVE-2013-4956 | 3 Puppet, Puppetlabs, Redhat | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2025-04-11 | N/A |
| Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. | ||||
| CVE-2013-4959 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. | ||||
| CVE-2013-4961 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2013-4962 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors. | ||||
| CVE-2013-4964 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2013-4965 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack. | ||||
| CVE-2013-4967 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes. | ||||
| CVE-2013-4978 | 1 Aloaha | 2 Aloaha Pdf Suite Free, Aloahapdfviewer | 2025-04-11 | N/A |
| Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file. | ||||
| CVE-2013-4969 | 4 Canonical, Debian, Puppet and 1 more | 4 Ubuntu Linux, Debian Linux, Puppet Enterprise and 1 more | 2025-04-11 | N/A |
| Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | ||||
| CVE-2013-4973 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | N/A |
| Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file. | ||||
| CVE-2013-4974 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | N/A |
| RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file. | ||||
| CVE-2013-4979 | 1 Ideamk | 1 Eps Viewer | 2025-04-11 | N/A |
| Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file. | ||||
| CVE-2013-4983 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-11 | N/A |
| The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | ||||
| CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2025-04-11 | N/A |
| The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | ||||
| CVE-2013-4986 | 1 Iconcool | 1 Pdfcool Studio | 2025-04-11 | N/A |
| Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file. | ||||