Export limit exceeded: 343814 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343814 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6451 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | ||||
| CVE-2013-6430 | 2 Pivotal Software, Redhat | 3 Spring Framework, Jboss Amq, Jboss Fuse | 2024-11-21 | 5.4 Medium |
| The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. | ||||
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 5.3 Medium |
| Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | ||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.8 High |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | ||||
| CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2024-11-21 | 9.8 Critical |
| Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | ||||
| CVE-2013-6360 | 1 Trendnet | 2 Ts-s402, Ts-s402 Firmware | 2024-11-21 | 7.5 High |
| TRENDnet TS-S402 has a backdoor to enable TELNET. | ||||
| CVE-2013-6358 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 8.8 High |
| PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. | ||||
| CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.8 Critical |
| PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | ||||
| CVE-2013-6277 | 1 Qnap | 2 Viocard 300, Viocard 300 Firmware | 2024-11-21 | 7.5 High |
| QNAP VioCard 300 has hardcoded RSA private keys. | ||||
| CVE-2013-6276 | 1 Qnap | 10 Viocard-100, Viocard-100 Firmware, Viocard-30 and 7 more | 2024-11-21 | 9.8 Critical |
| QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models | ||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.5 Medium |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | ||||
| CVE-2013-6272 | 1 Google | 1 Android | 2024-11-21 | N/A |
| The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application. | ||||
| CVE-2013-6242 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. | ||||
| CVE-2013-6239 | 1 Exis-ti | 1 Exis Contexis | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action. | ||||
| CVE-2013-6236 | 1 Izoncam | 2 Izon Ip, Izon Ip Firmware | 2024-11-21 | 9.8 Critical |
| IZON IP 2.0.2: hard-coded password vulnerability | ||||
| CVE-2013-6234 | 1 Eng | 1 Spagobi | 2024-11-21 | 8.0 High |
| Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload." | ||||
| CVE-2013-6231 | 1 Eng | 1 Spagobi | 2024-11-21 | 8.8 High |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script | ||||
| CVE-2013-6225 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 9.8 Critical |
| LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability | ||||
| CVE-2013-6056 | 1 Alienvault | 1 Open Source Security Information Management | 2024-11-21 | 7.5 High |
| OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability | ||||
| CVE-2013-6022 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. | ||||