Export limit exceeded: 338959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A |
| The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | ||||
| CVE-2013-7480 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | ||||
| CVE-2013-7479 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | ||||
| CVE-2013-7478 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | ||||
| CVE-2013-7477 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | ||||
| CVE-2013-7476 | 1 Simple Fields Project | 1 Simple Fields | 2024-11-21 | N/A |
| The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. | ||||
| CVE-2013-7475 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | N/A |
| The contact-form-plugin plugin before 3.52 for WordPress has XSS. | ||||
| CVE-2013-7474 | 1 Windu | 1 Windu Cms | 2024-11-21 | N/A |
| Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | ||||
| CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2024-11-21 | N/A |
| Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | ||||
| CVE-2013-7472 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | N/A |
| The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter. | ||||
| CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | ||||
| CVE-2013-7470 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. | ||||
| CVE-2013-7469 | 1 Seafile | 1 Seafile | 2024-11-21 | N/A |
| Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | ||||
| CVE-2013-7468 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | N/A |
| Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. | ||||
| CVE-2013-7467 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | N/A |
| Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. | ||||
| CVE-2013-7466 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | N/A |
| Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | ||||
| CVE-2013-7465 | 1 Icecoldapps | 1 Servers Ultimate | 2024-11-21 | N/A |
| Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts. | ||||
| CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2024-11-21 | N/A |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | ||||
| CVE-2013-7435 | 1 Evergreen-ils | 1 Evergreen | 2024-11-21 | N/A |
| The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml. | ||||
| CVE-2013-7390 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | ||||