Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7385 | 1 Livezilla | 1 Livezilla | 2025-04-12 | N/A |
| LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033. | ||||
| CVE-2013-7387 | 1 Dleviet | 1 Datalife Engine | 2025-04-12 | N/A |
| Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. | ||||
| CVE-2013-7388 | 2 Google, Trimble | 2 Sketchup, Sketchup | 2025-04-12 | N/A |
| Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1). | ||||
| CVE-2013-7389 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. | ||||
| CVE-2013-7391 | 1 Entity Api Project | 1 Entity Api | 2025-04-12 | N/A |
| The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations. | ||||
| CVE-2013-7392 | 1 Gitlist | 1 Gitlist | 2025-04-12 | N/A |
| Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | ||||
| CVE-2013-7393 | 1 Apache | 1 Subversion | 2025-04-12 | N/A |
| The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | ||||
| CVE-2013-7394 | 1 Splunk | 1 Splunk | 2025-04-12 | N/A |
| The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types. | ||||
| CVE-2013-7395 | 1 Zoll | 1 Monitor\/defibrillator | 2025-04-12 | N/A |
| ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). | ||||
| CVE-2013-7397 | 2 Async-http-client Project, Redhat | 5 Async-http-client, Jboss Bpms, Jboss Brms and 2 more | 2025-04-12 | N/A |
| Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. | ||||
| CVE-2013-7398 | 2 Async-http-client Project, Redhat | 5 Async-http-client, Jboss Bpms, Jboss Brms and 2 more | 2025-04-12 | N/A |
| main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | ||||
| CVE-2013-7401 | 1 C-icap Project | 1 C-icap | 2025-04-12 | N/A |
| The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method. | ||||
| CVE-2013-7402 | 1 C-icap Project | 1 C-icap | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. | ||||
| CVE-2013-7404 | 1 Gehealthcare | 1 Discovery Nm 750b | 2025-04-12 | N/A |
| GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2013-7405 | 1 Gehealthcare | 1 Centricity Dms | 2025-04-12 | N/A |
| The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2013-7406 | 1 Mrbs Project | 1 Mrbs | 2025-04-12 | N/A |
| SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-7407 | 1 Drupal | 1 Mrbs Module | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2013-7408 | 1 F5 | 1 Big-ip Analytics | 2025-04-12 | N/A |
| F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. | ||||
| CVE-2013-7409 | 1 Allplayer | 1 Allplayer | 2025-04-12 | N/A |
| Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. | ||||
| CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2025-04-12 | N/A |
| canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | ||||