Export limit exceeded: 337976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337976 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6785 | 1 Supermicro | 1 Intelligent Platform Management Interface | 2024-11-21 | 4.3 Medium |
| Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. | ||||
| CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | 7.8 High |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | ||||
| CVE-2013-6772 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.3 Medium |
| Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | ||||
| CVE-2013-6739 | 1 Ibm | 1 Spss Modeler | 2024-11-21 | N/A |
| IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855. | ||||
| CVE-2013-6681 | 1 Mapway | 1 Tube Map | 2024-11-21 | 5.9 Medium |
| Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability | ||||
| CVE-2013-6495 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform, Jboss Portal | 2024-11-21 | 6.1 Medium |
| JBossWeb Bayeux has reflected XSS | ||||
| CVE-2013-6461 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 6.5 Medium |
| Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | ||||
| CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 6.5 Medium |
| Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | ||||
| CVE-2013-6455 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.3 Medium |
| The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | ||||
| CVE-2013-6451 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | ||||
| CVE-2013-6430 | 2 Pivotal Software, Redhat | 3 Spring Framework, Jboss Amq, Jboss Fuse | 2024-11-21 | 5.4 Medium |
| The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. | ||||
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 5.3 Medium |
| Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | ||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.8 High |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | ||||
| CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2024-11-21 | 9.8 Critical |
| Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | ||||
| CVE-2013-6360 | 1 Trendnet | 2 Ts-s402, Ts-s402 Firmware | 2024-11-21 | 7.5 High |
| TRENDnet TS-S402 has a backdoor to enable TELNET. | ||||
| CVE-2013-6358 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 8.8 High |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | ||||
| CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.8 Critical |
| PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | ||||
| CVE-2013-6277 | 1 Qnap | 2 Viocard 300, Viocard 300 Firmware | 2024-11-21 | 7.5 High |
| QNAP VioCard 300 has hardcoded RSA private keys. | ||||
| CVE-2013-6276 | 1 Qnap | 10 Viocard-100, Viocard-100 Firmware, Viocard-30 and 7 more | 2024-11-21 | 9.8 Critical |
| QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models | ||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.5 Medium |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | ||||