Export limit exceeded: 363163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4724 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2013-4725 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2013-4726 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-4727 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. | ||||
| CVE-2013-4728 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | N/A |
| DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message. | ||||
| CVE-2013-4730 | 1 Pcman\'s Ftp Server Project | 1 Pcman\'s Ftp Server | 2025-04-12 | N/A |
| Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. | ||||
| CVE-2013-4753 | 1 Claroline | 1 Claroline | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php. | ||||
| CVE-2013-4754 | 1 Owl | 1 Intranet Knowledgebase | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php. | ||||
| CVE-2013-4768 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | N/A |
| The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB). | ||||
| CVE-2013-4769 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | N/A |
| The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. | ||||
| CVE-2013-4772 | 1 Dlink | 4 Dir-505l Shareport Mobile Companion, Dir-505l Shareport Mobile Companion Firmware, Dir-826l Wireless N600 Cloud Router and 1 more | 2025-04-12 | N/A |
| D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. | ||||
| CVE-2013-4793 | 1 Umbraco | 1 Umbraco Cms | 2025-04-12 | N/A |
| The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. | ||||
| CVE-2013-4795 | 1 Reviewboard | 1 Review Board | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name. | ||||
| CVE-2013-4840 | 2 H3c, Hp | 17 F1000-e Vpn Firewall, S5820 Secblade Vpn Firewall Module, S7500e Secblade Vpn Firewall Module and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2013-4860 | 1 Radiothermostat | 4 Ct50, Ct50 Firmware, Ct80 and 1 more | 2025-04-12 | N/A |
| Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors. | ||||
| CVE-2013-4866 | 1 Lixil | 1 My Satis Genius Toilet | 2025-04-12 | N/A |
| The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort. | ||||
| CVE-2013-4977 | 1 Hikvision | 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware | 2025-04-12 | N/A |
| Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction. | ||||
| CVE-2013-4980 | 1 Avtech | 2 Avn801 Dvr, Avn801 Dvr Firmware | 2025-04-12 | N/A |
| Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request. | ||||
| CVE-2013-4981 | 1 Avtech | 2 Avn801 Dvr, Avn801 Dvr Firmware | 2025-04-12 | N/A |
| Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter. | ||||
| CVE-2013-5016 | 2 Broadcom, Microsoft | 2 Symantec Critical System Protection, Windows 2003 Server | 2025-04-12 | N/A |
| Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. | ||||