Search

Search Results (365171 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6830 1 Pineapp 1 Mail-secure 5099sk 2025-04-11 N/A
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
CVE-2013-6829 1 Pineapp 1 Mail-secure 2025-04-11 N/A
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
CVE-2013-6828 1 Pineapp 1 Mail-secure 2025-04-11 N/A
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
CVE-2013-6827 1 Pineapp 1 Mail-secure 2025-04-11 N/A
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
CVE-2013-6826 1 Fortinet 7 Fortianalyzer-1000d, Fortianalyzer-2000b, Fortianalyzer-200d and 4 more 2025-04-11 N/A
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
CVE-2013-6824 1 Zabbix 1 Zabbix 2025-04-11 N/A
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
CVE-2013-6340 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-11 N/A
epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-6341 1 Dokeos 1 Dokeos 2025-04-11 N/A
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
CVE-2013-6342 1 Tweet-blender 1 Tweet-blender 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
CVE-2013-6344 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.
CVE-2013-6345 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."
CVE-2013-6346 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-6347 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2013-6348 1 Apache 1 Struts 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
CVE-2013-6349 1 Mcafee 1 Email Gateway 2025-04-11 N/A
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-6359 1 Munin-monitoring 1 Munin 2025-04-11 N/A
Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
CVE-2013-6367 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-11 N/A
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
CVE-2013-6368 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-11 N/A
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
CVE-2013-6373 1 Jenkins-ci 1 Exclusion 2025-04-11 N/A
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
CVE-2013-6374 1 Jenkins-ci 1 Build Failure Analyzer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.