Export limit exceeded: 364232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7357 1 Sap 1 J2ee Engine 2025-04-12 N/A
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.
CVE-2013-7358 1 Sap 1 Guided Procedures Archive Monitor 2025-04-12 N/A
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.
CVE-2013-7361 1 Sap 2 Cm Services, Cms Services 2025-04-12 N/A
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
CVE-2013-7362 1 Sap 1 Ccms Agent 2025-04-12 N/A
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2013-7363 1 Sap 1 Solution Manager 2025-04-12 N/A
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.
CVE-2013-7364 1 Sap 1 Netweaver 2025-04-12 N/A
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
CVE-2013-7365 1 Sap 1 Enterprise Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2013-7366 1 Sap 1 Software Deployment Manager 2025-04-12 N/A
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications.
CVE-2013-7367 1 Sap 1 Enterprise Portal 2025-04-12 N/A
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.
CVE-2013-7372 2 Apache, Google 2 Harmony, Android 2025-04-12 N/A
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.
CVE-2013-7374 1 Canonical 1 Ubuntu Linux 2025-04-12 N/A
The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date.
CVE-2013-7375 1 Php-fusion 1 Php-fusion 2025-04-12 N/A
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
CVE-2013-7376 1 Openx 1 Openx 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
CVE-2013-7373 1 Google 1 Android 2025-04-12 N/A
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
CVE-2013-7379 1 Ucdok 1 Tomato 2025-04-12 N/A
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.
CVE-2013-7382 1 Vicidial 1 Vicidial 2025-04-12 N/A
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
CVE-2013-7383 1 X2go 1 X2go Server 2025-04-12 N/A
x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.
CVE-2013-7384 1 Unrealircd 1 Unrealircd 2025-04-12 N/A
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.
CVE-2013-7385 1 Livezilla 1 Livezilla 2025-04-12 N/A
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.
CVE-2013-7387 1 Dleviet 1 Datalife Engine 2025-04-12 N/A
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.