Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4650 1 Mongodb 1 Mongodb 2025-04-11 N/A
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
CVE-2013-4651 1 Siemens 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more 2025-04-11 N/A
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
CVE-2013-4652 1 Siemens 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more 2025-04-11 N/A
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
CVE-2013-4661 1 Civicrm 1 Civicrm 2025-04-11 N/A
CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission.
CVE-2013-4653 1 Alcatel-lucent 4 Omnitouch 8400 Instant Communications Suite, Omnitouch 8460 Advanced Communication Server, Omnitouch 8660 My Teamwork and 1 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.
CVE-2013-4662 1 Civicrm 1 Civicrm 2025-04-11 N/A
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
CVE-2013-4668 2 Canonical, File Roller Project 2 Ubuntu Linux, File Roller 2025-04-11 N/A
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
CVE-2013-4669 5 Apple, Fortinet, Google and 2 more 7 Mac Os X, Forticlient, Forticlient Lite and 4 more 2025-04-11 N/A
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.
CVE-2013-4670 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4671 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-4672 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
CVE-2013-4673 1 Symantec 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 2025-04-11 N/A
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.
CVE-2013-4674 1 Symantec 2 Encryption Management Server, Pgp Universal Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
CVE-2013-4676 1 Symantec 1 Backup Exec 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.
CVE-2013-4677 1 Symantec 1 Backup Exec 2025-04-11 N/A
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.
CVE-2013-4678 1 Symantec 1 Backup Exec 2025-04-11 N/A
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.
CVE-2013-4679 1 Symantec 1 Workspace Virtualization 2025-04-11 N/A
Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system.
CVE-2013-4680 2 Typo3, Urs Maag 2 Typo3, Maag Form Captcha 2025-04-11 N/A
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-4681 2 Michael Staatz, Typo3 2 Sofortueberweisung2commerce, Typo3 2025-04-11 N/A
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4682 2 Bas Van Beek, Typo3 2 Multishop, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.