Export limit exceeded: 363163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5557 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577.
CVE-2013-5567 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606.
CVE-2013-5655 1 Xiaowen Huang 1 Yingzhi Python Programming Language 2025-04-12 N/A
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI.
CVE-2013-5660 1 Powersoftware 1 Winarchiver 2025-04-12 N/A
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
CVE-2013-5671 1 Mark Evans 1 Fog-dragonfly 2025-04-12 N/A
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2013-5704 5 Apache, Apple, Canonical and 2 more 17 Http Server, Mac Os X, Mac Os X Server and 14 more 2025-04-12 N/A
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
CVE-2013-5705 2 Debian, Trustwave 2 Debian Linux, Modsecurity 2025-04-12 N/A
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
CVE-2013-5748 1 Simplerisk 1 Simplerisk 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.
CVE-2013-5749 1 Simplerisk 1 Simplerisk 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter.
CVE-2013-5755 1 Yealink 1 Sip-t38g 2025-04-12 N/A
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2013-5756 1 Yealink 1 Sip-t38g 2025-04-12 N/A
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
CVE-2013-5757 1 Yealink 1 Sip-t38g 2025-04-12 N/A
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
CVE-2013-5758 1 Yealink 1 Sip-t38g 2025-04-12 N/A
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
CVE-2013-5760 1 Qnap 2 Photo Station, Photo Station Firmware 2025-04-12 N/A
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
CVE-2013-5855 2 Oracle, Redhat 8 Mojarra, Jboss Bpms, Jboss Brms and 5 more 2025-04-12 N/A
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
CVE-2013-5916 1 Bradesco Gateway Plugin Project 1 Bradesco Gateway 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
CVE-2013-5919 2 Oisf, Openinfosecfoundation 2 Suricata, Suricata 2025-04-12 N/A
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
CVE-2013-5939 1 Phpcms 1 Guesbook Module 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php.
CVE-2013-5948 2 Asus, T-mobile 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 2025-04-12 N/A
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
CVE-2013-5952 2 Codologic, Joomla 2 Com Freichat, Joomla\! 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.