Export limit exceeded: 337951 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337951 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4863 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 8.8 High |
| The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. | ||||
| CVE-2013-4862 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 8.1 High |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | ||||
| CVE-2013-4861 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 6.5 Medium |
| Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2013-4859 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 8.1 High |
| INSTEON Hub 2242-222 lacks Web and API authentication | ||||
| CVE-2013-4857 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-865L has PHP File Inclusion in the router xml file. | ||||
| CVE-2013-4856 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 6.5 Medium |
| D-Link DIR-865L has Information Disclosure. | ||||
| CVE-2013-4855 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | ||||
| CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-11-21 | 8.8 High |
| TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | ||||
| CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2024-11-21 | 8.8 High |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | ||||
| CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.5 Medium |
| PrestaShop before 1.4.11 allows logout CSRF. | ||||
| CVE-2013-4791 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.4 Medium |
| PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | ||||
| CVE-2013-4770 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 4.3 Medium |
| Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | ||||
| CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 4.6 Medium |
| Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | ||||
| CVE-2013-4752 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 6.1 Medium |
| Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | ||||
| CVE-2013-4751 | 3 Fedoraproject, Redhat, Sensiolabs | 3 Fedora, Enterprise Linux, Symfony | 2024-11-21 | 8.1 High |
| php-symfony2-Validator has loss of information during serialization | ||||
| CVE-2013-4743 | 1 Static Http Server Project | 1 Static Http Server | 2024-11-21 | 9.8 Critical |
| Static HTTP Server 1.0 has a Local Overflow | ||||
| CVE-2013-4718 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. | ||||
| CVE-2013-4717 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. | ||||
| CVE-2013-4695 | 1 Winamp | 1 Winamp | 2024-11-21 | 7.8 High |
| Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | ||||