Export limit exceeded: 363303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5968 | 2 Broadcom, Ca | 2 Siteminder, Web Agents | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character. | ||||
| CVE-2013-5960 | 1 Owasp | 1 Enterprise Security Api | 2025-04-11 | N/A |
| The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679. | ||||
| CVE-2013-5961 | 2 Danny Morris, Wordpress | 2 Lazy Seo, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/. | ||||
| CVE-2013-5962 | 1 Envato | 1 Complete Gallery Manager Plugin | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/. | ||||
| CVE-2013-5963 | 2 Cdsincdesign, Wordpress | 2 Simple Dropbox Upload Form, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/. | ||||
| CVE-2013-5964 | 2 Drupal, Joachim Noreiko | 2 Drupal, Flag Module | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title. | ||||
| CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2025-04-11 | N/A |
| The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. | ||||
| CVE-2013-5966 | 1 Zkoss | 1 Zk Framework | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-5967 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/. | ||||
| CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2025-04-11 | N/A |
| Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | ||||
| CVE-2013-5972 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | N/A |
| VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. | ||||
| CVE-2013-5973 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. | ||||
| CVE-2013-5975 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-11 | N/A |
| The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2013-5976 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. | ||||
| CVE-2013-5977 | 1 Cart66 | 1 Cart66 Lite Plugin | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php. | ||||
| CVE-2013-6002 | 1 Cybozu | 1 Garoon | 2025-04-11 | N/A |
| The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||||
| CVE-2013-5983 | 1 Guppy | 1 Guppy | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php. | ||||
| CVE-2013-5986 | 1 Nvidia | 1 Gpu Driver | 2025-04-11 | N/A |
| Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987. | ||||
| CVE-2013-5987 | 2 Apple, Nvidia | 2 Mac Os X, Gpu Driver | 2025-04-11 | N/A |
| Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. | ||||
| CVE-2013-5990 | 1 Justsystems | 4 Ichitaro, Ichitaro Portable With Oreplug, Ichitaro Pro and 1 more | 2025-04-11 | N/A |
| Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ichitaro Pro; Ichitaro Pro 2 and Pro 2 Trial Edition; Ichitaro Viewer; and Ichitaro Portable with oreplug allows remote attackers to execute arbitrary code via a crafted document. | ||||