Total: 5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-7247 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-08-06 | N/A |
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | ||||
CVE-2013-7202 | 1 Paypal | 1 Paypal | 2024-08-06 | N/A |
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | ||||
CVE-2013-7195 | 1 Phpfox | 1 Phpfox | 2024-08-06 | N/A |
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication. | ||||
CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2024-08-06 | N/A |
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | ||||
CVE-2013-7135 | 1 Detlef Pilzecker | 1 Proc\ | 2024-08-06 | N/A |
The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file. | ||||
CVE-2013-7068 | 1 Organic Groups Project | 1 Organic Groups | 2024-08-06 | N/A |
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | ||||
CVE-2013-7081 | 1 Typo3 | 1 Typo3 | 2024-08-06 | N/A |
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors. | ||||
CVE-2013-7061 | 1 Plone | 1 Plone | 2024-08-06 | N/A |
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | ||||
CVE-2013-7065 | 1 Organic Groups Project | 1 Organic Groups | 2024-08-06 | N/A |
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | ||||
CVE-2013-7073 | 1 Typo3 | 1 Typo3 | 2024-08-06 | N/A |
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters. | ||||
CVE-2013-6965 | 1 Cisco | 1 Webex Training Center | 2024-08-06 | N/A |
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. | ||||
CVE-2013-7042 | 1 Novell | 1 Suse Lifecycle Management Server | 2024-08-06 | N/A |
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | ||||
CVE-2013-7067 | 2 Drupal, Mike Stefanello | 2 Drupal, Og Features | 2024-08-06 | N/A |
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | ||||
CVE-2013-7063 | 1 Invitation Project | 1 Invitation | 2024-08-06 | N/A |
The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. | ||||
CVE-2013-7048 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-08-06 | N/A |
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. | ||||
CVE-2013-6990 | 1 Fortinet | 1 Fortiauthenticator | 2024-08-06 | N/A |
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | ||||
CVE-2013-7066 | 1 Entity Reference Project | 1 Entityreference | 2024-08-06 | N/A |
The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private node titles by leveraging edit permissions to a node that references a private node. | ||||
CVE-2013-6964 | 1 Cisco | 1 Webex Meeting Center | 2024-08-06 | N/A |
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. | ||||
CVE-2013-6955 | 1 Synology | 1 Diskstation Manager | 2024-08-06 | N/A |
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | ||||
CVE-2013-6949 | 1 Belkin | 1 Wemo Home Automation Firmware | 2024-08-06 | N/A |
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device. |