Export limit exceeded: 363677 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363677 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363677 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6077 1 Citrix 1 Xendesktop 2025-04-11 N/A
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
CVE-2013-6079 1 Mostgear 1 Easy Lan Folder Share 2025-04-11 N/A
Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) registration code field in the activate license window or the (2) HKLM\SOFTWARE\MostGear\EasyLanFolderShare_V1\License registry key. NOTE: it is not clear from the original report whether this issue crosses privilege boundaries. If not, then it should not be included in CVE.
CVE-2013-6111 1 Modpagespeed 1 Mod Pagespeed 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6114 1 Apple 1 Motion 2025-04-11 N/A
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
CVE-2013-6122 1 Qualcomm 1 Quic Mobile Station Modem Kernel 2025-04-11 N/A
goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler.
CVE-2013-6123 2 Codeaurora, Qualcomm 2 Android-msm, Quic Mobile Station Modem Kernel 2025-04-11 N/A
Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions.
CVE-2013-6127 1 Wellintech 1 Kingview 2025-04-11 N/A
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.
CVE-2013-6128 1 Wellintech 1 Kingview 2025-04-11 N/A
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
CVE-2013-6129 1 Vbulletin 1 Vbulletin 2025-04-11 N/A
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
CVE-2013-6141 1 Op5 1 Monitor 2025-04-11 N/A
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
CVE-2013-6142 1 Aveva 1 Clearscada 2025-04-11 N/A
DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages.
CVE-2013-6143 1 Schneider-electric 1 Telvent Sage 3030 Firmware 2025-04-11 N/A
The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic.
CVE-2013-6162 1 Code-crafters 1 Ability Mail Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
CVE-2013-6163 1 Projeqtor 1 Projeqtor 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.
CVE-2013-6164 1 Projeqtor 1 Projeqtor 2025-04-11 N/A
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
CVE-2013-6166 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
CVE-2013-6167 1 Mozilla 1 Firefox 2025-04-11 N/A
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
CVE-2013-6168 1 Zikula 1 Zikula Application Framework 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.
CVE-2013-6169 1 Process-one 1 Ejabberd 2025-04-11 N/A
The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
CVE-2013-6170 1 Juniper 1 Junos 2025-04-11 N/A
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.