Search Results (26986 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4409 3 Fedoraproject, Redhat, Reviewboard 4 Fedora, Enterprise Linux, Djblets and 1 more 2024-11-21 9.8 Critical
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
CVE-2013-4335 1 Openpne 1 Opopensocialplugin 2024-11-21 9.8 Critical
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
CVE-2013-4334 1 Tejimaya 1 Opwebapiplugin 2024-11-21 9.8 Critical
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities
CVE-2013-4333 1 Tejimaya 1 Openpne 2024-11-21 9.1 Critical
OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
CVE-2013-4267 1 Pydio 1 Pydio 2024-11-21 9.8 Critical
Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).
CVE-2013-4211 1 Openx 1 Openx 2024-11-21 9.8 Critical
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
CVE-2013-4144 1 Swfupload Project 1 Swfupload 2024-11-21 9.8 Critical
There is an object injection vulnerability in swfupload plugin for wordpress.
CVE-2013-4108 1 Cryptocat Project 1 Cryptocat 2024-11-21 9.8 Critical
Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.
CVE-2013-4103 1 Cryptocat Project 1 Cryptocat 2024-11-21 9.8 Critical
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
CVE-2013-4102 1 Cryptocat Project 1 Cryptocat 2024-11-21 9.1 Critical
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
CVE-2013-3960 1 Easytimestudio 1 Easy File Manager 2024-11-21 9.9 Critical
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass
CVE-2013-3941 1 Xnview 1 Xnview 2024-11-21 9.8 Critical
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
CVE-2013-3738 1 Zabbix 1 Zabbix 2024-11-21 9.8 Critical
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
CVE-2013-3725 1 Invisioncommunity 1 Invision Power Board 2024-11-21 9.8 Critical
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
CVE-2013-3684 1 Imagely 1 Nextgen Gallery 2024-11-21 9.8 Critical
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
CVE-2013-3542 1 Grandstream 26 Gxv3500, Gxv3500 Firmware, Gxv3501 and 23 more 2024-11-21 10.0 Critical
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account "!#/" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session.
CVE-2013-3493 1 Xnview 1 Xnview 2024-11-21 9.8 Critical
XnView 2.03 has an integer overflow vulnerability
CVE-2013-3492 1 Xnview 1 Xnview 2024-11-21 9.8 Critical
XnView 2.03 has a stack-based buffer overflow vulnerability
CVE-2013-3486 1 Irfanview 1 Flashpix Plugin 2024-11-21 9.6 Critical
IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability
CVE-2013-3367 1 Trendnet 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more 2024-11-21 9.8 Critical
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.