Search

Search Results (363303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4620 1 Open-emr 1 Openemr 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
CVE-2013-4622 1 Htc 1 Droid Incredible 2025-04-11 N/A
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-4623 1 Polarssl 1 Polarssl 2025-04-11 N/A
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.
CVE-2013-4624 1 Jahia 1 Jahia Xcm 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
CVE-2013-4625 2 Cory Lamle, Wordpress 2 Duplicator, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
CVE-2013-4626 2 Marketpress, Wordpress 2 Backwpup Plugin, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.
CVE-2013-4627 1 Bitcoin 1 Bitcoin Core 2025-04-11 N/A
Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.
CVE-2013-4628 1 Huawei 3 Quidway Service Process Unit Board S7700, Quidway Service Process Unit Board S9300, Quidway Service Process Unit Board S9700 2025-04-11 N/A
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone.
CVE-2013-4629 1 Huawei 2 Vp 9610, Vp 9620 2025-04-11 N/A
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.
CVE-2013-4630 1 Huawei 5 Ar 1200, Ar 150, Ar 200 and 2 more 2025-04-11 N/A
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
CVE-2013-4631 1 Huawei 5 Ar 1200, Ar 150, Ar 200 and 2 more 2025-04-11 N/A
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.
CVE-2013-4632 1 Huawei 1 Access Router 2025-04-11 N/A
The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP phone.
CVE-2013-4633 1 Huawei 1 Seco Versatile Security Manager 2025-04-11 N/A
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting.
CVE-2013-4634 2 Raphael Zschorsch, Typo3 2 Rzautocomplete, Typo3 2025-04-11 N/A
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4635 1 Php 1 Php 2025-04-11 N/A
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
CVE-2013-4636 1 Php 1 Php 2025-04-11 N/A
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
CVE-2013-4650 1 Mongodb 1 Mongodb 2025-04-11 N/A
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
CVE-2013-4651 1 Siemens 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more 2025-04-11 N/A
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
CVE-2013-4652 1 Siemens 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more 2025-04-11 N/A
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
CVE-2013-4661 1 Civicrm 1 Civicrm 2025-04-11 N/A
CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission.