Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3248 1 Corel 1 Pdf Fusion 2025-04-11 N/A
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
CVE-2013-3250 1 Wordpress 1 Wp Maintenance Mode Plugin 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
CVE-2013-3253 2 Wordpress, Xhanch 2 Wordpress, My Twitter 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings.
CVE-2013-3254 2 Wordpress, Wppa.opajaap 2 Wordpress, Wp-photo-album-plus 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.
CVE-2013-3256 2 Shareaholic, Wordpress 2 Sexybookmarks, Wordpress 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the Shareaholic SexyBookmarks plugin 6.1.4.0 for WordPress allows remote attackers to hijack the authentication of users for requests that "manipulate plugin settings."
CVE-2013-3261 2 Photogallerycreator, Wordpress 2 Flash-album-gallery, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
CVE-2013-3262 2 Mikejolley, Wordpress 2 Download Monitor, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2013-3263 1 Smackcoders 1 Wp Ultimate Email Marketer Plugin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php.
CVE-2013-3264 1 Smackcoders 1 Wp Ultimate Email Marketer Plugin 2025-04-11 N/A
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.
CVE-2013-3266 1 Freebsd 1 Freebsd 2025-04-11 N/A
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.
CVE-2013-3267 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3268 1 Novell 1 Imanager 2025-04-11 N/A
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.
CVE-2013-3269 1 Cybozu 1 Cybozu Office 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
CVE-2013-3270 1 Emc 3 Celerra Control Station, Vnx, Vnx Control Station 2025-04-11 N/A
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-3271 1 Emc 1 Rsa Authentication Agent 2025-04-11 N/A
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack.
CVE-2013-3272 1 Emc 1 Replication Manager 2025-04-11 N/A
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack.
CVE-2013-3273 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2025-04-11 N/A
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
CVE-2013-3274 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2025-04-11 N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2013-3275 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2025-04-11 N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
CVE-2013-3276 1 Emc 1 Rsa Archer Egrc 2025-04-11 N/A
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.