Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4399 | 1 Redhat | 1 Libvirt | 2025-04-12 | N/A |
| The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. | ||||
| CVE-2013-4406 | 1 Quick Tabs Module Project | 1 Quicktabs | 2025-04-12 | N/A |
| The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. | ||||
| CVE-2013-1759 | 1 Opensource Technologies | 1 Responsive Logo Slideshow | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field. | ||||
| CVE-2013-1770 | 1 Ganglia | 1 Ganglia-web | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. | ||||
| CVE-2013-1764 | 1 Packagekit Project | 1 Packagekit | 2025-04-12 | N/A |
| The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. | ||||
| CVE-2013-1758 | 1 Marekkis | 1 Watermark | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-1756 | 2 Mark Evans, Ruby On Rails | 2 Dragonfly Gem, Ruby On Rails | 2025-04-12 | N/A |
| The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2013-1668 | 1 Coscms | 1 Coscms | 2025-04-12 | N/A |
| The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. | ||||
| CVE-2013-1641 | 1 Quixplorer | 1 Quixplorer | 2025-04-12 | N/A |
| Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. | ||||
| CVE-2013-1636 | 3 Caseproof, Civicrm, Joobi | 3 Prettylinks, Civicrm, Com Jnews | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter. | ||||
| CVE-2013-1436 | 1 Xmonad | 1 Xmonad-contrab | 2025-04-12 | N/A |
| The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag. | ||||
| CVE-2013-1430 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2025-04-12 | N/A |
| An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. | ||||
| CVE-2013-1421 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php. | ||||
| CVE-2013-1412 | 1 Dleviet | 1 Datalife Engine | 2025-04-12 | N/A |
| DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | ||||
| CVE-2013-1409 | 2 Commentluv, Wordpress | 2 Commentluv, Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php. | ||||
| CVE-2013-1408 | 1 Wysija Newsletters Project | 1 Wysija Newsletters | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2013-1407 | 1 Netweblogic | 2 Events Manager, Events Manager Pro | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php. | ||||
| CVE-2012-2808 | 1 Google | 1 Bionic | 2025-04-12 | N/A |
| The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800. | ||||
| CVE-2012-2930 | 1 Tinywebgallery | 1 Tinywebgallery | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php. | ||||
| CVE-2012-2932 | 1 Tinywebgallery | 1 Tinywebgallery | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php. | ||||