Export limit exceeded: 363504 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363504 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7175 | 1 Avanset | 1 Visual Certexam Manager | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field. | ||||
| CVE-2013-7176 | 1 Fail2ban | 1 Fail2ban | 2025-04-11 | N/A |
| config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. | ||||
| CVE-2013-7177 | 1 Fail2ban | 1 Fail2ban | 2025-04-11 | N/A |
| config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. | ||||
| CVE-2013-7179 | 1 Seowonintech | 1 Swc-9100 | 2025-04-11 | N/A |
| The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. | ||||
| CVE-2013-7181 | 1 Fortinet | 1 Fortiweb | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | ||||
| CVE-2013-7182 | 1 Fortinet | 1 Fortios | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | ||||
| CVE-2013-7183 | 1 Seowonintech | 1 Swc-9100 | 2025-04-11 | N/A |
| cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action. | ||||
| CVE-2013-7184 | 1 Gomlab | 1 Gom Player | 2025-04-11 | N/A |
| Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file. | ||||
| CVE-2013-7186 | 1 Steinberg | 1 Mymp3pro | 2025-04-11 | N/A |
| Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file. | ||||
| CVE-2013-7187 | 1 Ncrafts | 1 Formcraft | 2025-04-11 | N/A |
| SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-7188 | 1 Hostbillapp | 1 Hostbill | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-7189 | 1 Iscripts | 1 Autohoster | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php. | ||||
| CVE-2013-7190 | 1 Iscripts | 1 Autohoster | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php. | ||||
| CVE-2013-7191 | 1 Tenmiles | 1 Helpdesk Pilot | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket. | ||||
| CVE-2013-7192 | 1 Etoshop | 1 Dynamic Biz Website Builder Quickweb | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp. | ||||
| CVE-2013-7193 | 1 Etoshop | 1 C2c Forward Auction Creator | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp. | ||||
| CVE-2013-7194 | 1 Efrontlearning | 1 Efront | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field. | ||||
| CVE-2013-7204 | 1 Conceptronic | 2 Cipcamptiwl, Cipcamptiwl 1.0 Firmware | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. | ||||
| CVE-2013-7205 | 1 Nagios | 1 Nagios | 2025-04-11 | N/A |
| Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. | ||||
| CVE-2013-7209 | 1 Jforum | 1 Jforum | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action. | ||||