Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3089 | 1 Belkin | 2 N300, N300 Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | ||||
| CVE-2013-3092 | 1 Belkin | 2 N300, N300 Firmware | 2025-04-12 | N/A |
| The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | ||||
| CVE-2013-3213 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php. | ||||
| CVE-2013-3249 | 1 Solarwinds | 1 Dameware Remote Support | 2025-04-12 | N/A |
| Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-3257 | 1 Zemanta | 1 Related Posts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors. | ||||
| CVE-2013-3258 | 1 Bufferapp | 1 Digg Digg | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors. | ||||
| CVE-2013-3259 | 1 Inmatrix | 1 Zoom Player | 2025-04-12 | N/A |
| Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. | ||||
| CVE-2013-3252 | 1 Lesterchan | 1 Wp-postviews | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | ||||
| CVE-2013-3295 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | ||||
| CVE-2013-3304 | 1 Dell | 1 Equallogic Ps4000 Firmware | 2025-04-12 | N/A |
| Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | ||||
| CVE-2013-3476 | 1 Zemanta | 1 Related Posts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors. | ||||
| CVE-2013-3477 | 1 Zemanta | 1 Related Posts | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors. | ||||
| CVE-2013-3478 | 1 Apptha | 1 Video Gallery Plugin | 2025-04-12 | N/A |
| SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php. | ||||
| CVE-2013-3481 | 1 B-e-soft | 2 Artweaver Free, Artweaver Plus | 2025-04-12 | N/A |
| Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file. | ||||
| CVE-2013-3487 | 2 Ait-pro, Wordpress | 2 Bulletproof-security, Wordpress | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php. | ||||
| CVE-2013-3514 | 1 Openx | 1 Openx | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files. | ||||
| CVE-2013-3571 | 1 Dest-unreach | 1 Socat | 2025-04-12 | N/A |
| socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. | ||||
| CVE-2013-3588 | 1 Zyxel | 11 P-660h-61, P-660h-63, P-660h-67 and 8 more | 2025-04-12 | N/A |
| The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. | ||||
| CVE-2013-3632 | 1 Openmediavault | 1 Openmediavault | 2025-04-12 | 8.8 High |
| The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | ||||
| CVE-2013-3662 | 1 Google | 1 Sketchup | 2025-04-12 | N/A |
| Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow. | ||||