Export limit exceeded: 363163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5557 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | N/A |
| The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577. | ||||
| CVE-2013-5567 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. | ||||
| CVE-2013-5655 | 1 Xiaowen Huang | 1 Yingzhi Python Programming Language | 2025-04-12 | N/A |
| Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI. | ||||
| CVE-2013-5660 | 1 Powersoftware | 1 Winarchiver | 2025-04-12 | N/A |
| Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. | ||||
| CVE-2013-5671 | 1 Mark Evans | 1 Fog-dragonfly | 2025-04-12 | N/A |
| lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2013-5704 | 5 Apache, Apple, Canonical and 2 more | 17 Http Server, Mac Os X, Mac Os X Server and 14 more | 2025-04-12 | N/A |
| The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." | ||||
| CVE-2013-5705 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2025-04-12 | N/A |
| apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. | ||||
| CVE-2013-5748 | 1 Simplerisk | 1 Simplerisk | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action. | ||||
| CVE-2013-5749 | 1 Simplerisk | 1 Simplerisk | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter. | ||||
| CVE-2013-5755 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2013-5756 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. | ||||
| CVE-2013-5757 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. | ||||
| CVE-2013-5758 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | N/A |
| cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. | ||||
| CVE-2013-5760 | 1 Qnap | 2 Photo Station, Photo Station Firmware | 2025-04-12 | N/A |
| QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php. | ||||
| CVE-2013-5855 | 2 Oracle, Redhat | 8 Mojarra, Jboss Bpms, Jboss Brms and 5 more | 2025-04-12 | N/A |
| Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors. | ||||
| CVE-2013-5916 | 1 Bradesco Gateway Plugin Project | 1 Bradesco Gateway | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | ||||
| CVE-2013-5919 | 2 Oisf, Openinfosecfoundation | 2 Suricata, Suricata | 2025-04-12 | N/A |
| Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. | ||||
| CVE-2013-5939 | 1 Phpcms | 1 Guesbook Module | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php. | ||||
| CVE-2013-5948 | 2 Asus, T-mobile | 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 | 2025-04-12 | N/A |
| The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). | ||||
| CVE-2013-5952 | 2 Codologic, Joomla | 2 Com Freichat, Joomla\! | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php. | ||||