Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3519 1 Vmware 5 Esx, Esxi, Fusion and 2 more 2025-04-11 N/A
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.
CVE-2013-3520 1 Vmware 1 Vcenter Chargeback Manager 2025-04-11 N/A
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2013-3522 1 Vbulletin 1 Vbulletin 2025-04-11 N/A
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
CVE-2013-3523 1 Gajennings 1 This 2025-04-11 N/A
SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL.
CVE-2013-3524 1 Simpilotgroup 1 Pop Up News 2025-04-11 N/A
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
CVE-2013-3525 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
CVE-2013-3526 2 Wordpress, Wptrafficanalyzer 2 Wordpress, Trafficanalyzer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.
CVE-2013-3527 1 Vanillaforums 1 Vanilla 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
CVE-2013-3528 1 Vanillaforums 1 Vanilla 2025-04-11 N/A
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
CVE-2013-3529 2 Smartypantsplugins, Wordpress 2 Wp-funeral-press, Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.
CVE-2013-3530 2 Fabricio Zuardi, Wordpress 2 Xspf Player Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
CVE-2013-3531 1 Radiocms 1 Radiocms 2025-04-11 N/A
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
CVE-2013-3532 2 Webdorado, Wordpress 2 Spider Video Player, Wordpress 2025-04-11 N/A
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.
CVE-2013-3533 1 Virtualaccess 1 Virtual Access Monitor 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3534 2 Algisinfo, Joomla 2 Aicontactsafe, Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3572 1 Ui 1 Unifi Controller 2025-04-11 6.1 Medium
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
CVE-2013-3535 1 Themelogik 1 Cmslogik 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.
CVE-2013-3536 1 Whmcs 2 Group Pay, Whmcs 2025-04-11 N/A
SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter.
CVE-2013-3537 1 Wesley Destailleur 1 Todoo Forum 2025-04-11 N/A
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
CVE-2013-3538 1 Wesley Destailleur 1 Todoo Forum 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.