Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363327 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3590 | 1 Searchblox | 1 Searchblox | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file. | ||||
| CVE-2013-3593 | 1 Baramundi | 1 Management Suite | 2025-04-11 | N/A |
| Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file. | ||||
| CVE-2013-3594 | 1 Dell | 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 | 2025-04-11 | N/A |
| The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22. | ||||
| CVE-2013-3595 | 1 Dell | 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 | 2025-04-11 | N/A |
| The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL. | ||||
| CVE-2013-3596 | 1 Advanceprotech | 1 Advanceware | 2025-04-11 | N/A |
| AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter. | ||||
| CVE-2013-3597 | 1 Searchblox | 1 Searchblox | 2025-04-11 | N/A |
| servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | ||||
| CVE-2013-3599 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html. | ||||
| CVE-2013-3600 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions. | ||||
| CVE-2013-3601 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter. | ||||
| CVE-2013-3602 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter. | ||||
| CVE-2013-3603 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | ||||
| CVE-2013-3604 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input. | ||||
| CVE-2013-3605 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies. | ||||
| CVE-2013-3606 | 1 Dell | 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 | 2025-04-11 | N/A |
| The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username. | ||||
| CVE-2013-3626 | 1 Attachmate | 1 Verastream Host Integrator | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message. | ||||
| CVE-2013-3607 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2025-04-11 | N/A |
| Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi. | ||||
| CVE-2013-3608 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2025-04-11 | N/A |
| The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. | ||||
| CVE-2013-3609 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2025-04-11 | N/A |
| The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. | ||||
| CVE-2013-3610 | 1 Asus | 2 Rt-n10e, Rt-n10e Firmware | 2025-04-11 | N/A |
| qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | ||||
| CVE-2013-3612 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2025-04-11 | N/A |
| Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors. | ||||