Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6796 1 Deeproot Linux 1 Deepofix 2025-04-12 N/A
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
CVE-2013-6887 1 Uclouvain 1 Openjpeg 2025-04-12 N/A
OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.
CVE-2013-6889 1 Gnu 1 Rush 2025-04-12 N/A
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
CVE-2014-4220 2 Oracle, Redhat 4 Jdk, Jre, Rhel Extras and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.
CVE-2013-6938 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to the "Virtual Machine Daemon."
CVE-2013-6939 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to "RADIUS authentication."
CVE-2013-6944 1 Citrix 1 Netscaler Application Delivery Controller Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6141 1 Stephen Adkins 1 App\ 2025-04-12 N/A
The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.
CVE-2013-6990 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
CVE-2013-6994 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.
CVE-2013-7003 1 Livezilla 1 Livezilla 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.
CVE-2013-7034 1 Livezilla 1 Livezilla 2025-04-12 N/A
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
CVE-2013-7057 1 Axway 1 Securetransport 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
CVE-2013-7060 1 Plone 1 Plone 2025-04-12 N/A
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
CVE-2013-7065 1 Organic Groups Project 1 Organic Groups 2025-04-12 N/A
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
CVE-2012-4226 1 Qpw.famvanakkeren 1 Quick Post Widget 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/.
CVE-2012-4230 1 Tinymce 1 Tinymce 2025-04-12 N/A
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.
CVE-2013-7111 1 Basespace Ruby Sdk Project 1 Basespace Ruby Sdk 2025-04-12 N/A
The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.
CVE-2015-1194 1 Pax Project 1 Pax 2025-04-12 N/A
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2013-7134 1 Phusion 1 Juvia 2025-04-12 N/A
Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.