Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3633 1 Siemens 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more 2025-04-11 N/A
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.
CVE-2013-3634 1 Siemens 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more 2025-04-11 N/A
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.
CVE-2013-3639 1 Xaraya 1 Xaraya 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
CVE-2013-3640 1 Filemaker 2 Filemaker Pro, Filemaker Pro Advanced 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3641 1 Pizzahut 1 Pizza Hut Japan Official Order Application 2025-04-11 N/A
The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-3642 2 Adgjm, Google 2 Angel Browser, Android 2025-04-11 N/A
The Angel Browser application 1.47b and earlier for Android 1.6 through 2.1, 1.62b and earlier for Android 2.2 through 2.3.4, 1.68b and earlier for Android 3.0 through 4.0.3, and 1.76b and earlier for Android 4.1 through 4.2 does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
CVE-2013-3643 1 Adgjm 1 Galapagos Browser 2025-04-11 N/A
The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
CVE-2013-3644 1 Justsystems 4 Ichitaro, Ichitaro Just School, Ichitaro Portable and 1 more 2025-04-11 N/A
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
CVE-2013-3645 1 Orchardproject 1 Orchard 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3646 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVE-2013-3647 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-3648 2 Kent-web, Microsoft 2 Post-mail, Internet Explorer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
CVE-2013-3649 2 Kent-web, Microsoft 2 Clip-mail, Internet Explorer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.
CVE-2013-3650 1 Lockon 1 Ec-cube 2025-04-11 N/A
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.
CVE-2013-3651 1 Lockon 1 Ec-cube 2025-04-11 N/A
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
CVE-2013-3652 1 Lockon 1 Ec-cube 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
CVE-2013-3653 1 Lockon 1 Ec-cube 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.
CVE-2013-3654 1 Lockon 1 Ec-cube 2025-04-11 N/A
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
CVE-2013-3655 1 Sharp 2 Aquos Hn-pp150, Aquos Hn-pp150 Firmware 2025-04-11 N/A
The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data.
CVE-2013-3656 1 Cybozu 1 Cybozu Office 2025-04-11 N/A
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.