ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2013-7000 | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote atta... | | |
CVE-2013-7001 | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remo... | | |
CVE-2013-7002 | Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1... | E | |
CVE-2013-7003 | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attacke... | E | |
CVE-2013-7004 | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-... | E | |
CVE-2013-7005 | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-... | E | |
CVE-2013-7008 | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a c... | E S | |
CVE-2013-7009 | The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain... | E S | |
CVE-2013-7010 | Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attacke... | E S | |
CVE-2013-7011 | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to gl... | E S | |
CVE-2013-7012 | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to u... | E S | |
CVE-2013-7013 | The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering... | E S | |
CVE-2013-7014 | Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 ... | E S | |
CVE-2013-7015 | The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly val... | E S | |
CVE-2013-7016 | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected s... | E S | |
CVE-2013-7017 | libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (inv... | E S | |
CVE-2013-7018 | libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension ... | E S | |
CVE-2013-7019 | The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the... | E S | |
CVE-2013-7020 | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce cert... | S | |
CVE-2013-7021 | The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the ... | E S | |
CVE-2013-7022 | The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate... | E S | |
CVE-2013-7023 | The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle c... | E S | |
CVE-2013-7024 | The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider... | E S | |
CVE-2013-7025 | Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Setting... | E | |
CVE-2013-7026 | Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a... | E S | |
CVE-2013-7027 | The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before ... | E S | |
CVE-2013-7030 | The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote atta... | E | |
CVE-2013-7032 | Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla be... | S | |
CVE-2013-7033 | LiveZilla before 5.1.2.1 includes the operator password in plaintext in JavaScript code that is gene... | E | |
CVE-2013-7034 | The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remo... | | |
CVE-2013-7038 | The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain... | | |
CVE-2013-7039 | Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, wh... | | |
CVE-2013-7040 | Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which ca... | | |
CVE-2013-7041 | The pam_userdb module for PAM uses a case-insensitive method to compare hashed passwords, which make... | | |
CVE-2013-7042 | SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret ... | | |
CVE-2013-7043 | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 rou... | E | |
CVE-2013-7048 | OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and worl... | E S | |
CVE-2013-7049 | Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-... | | |
CVE-2013-7050 | The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_E... | S | |
CVE-2013-7051 | D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters... | E | |
CVE-2013-7052 | D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script... | E | |
CVE-2013-7053 | D-Link DIR-100 4.03B07: cli.cgi CSRF... | E | |
CVE-2013-7054 | D-Link DIR-100 4.03B07: cli.cgi XSS... | E | |
CVE-2013-7055 | D-Link DIR-100 4.03B07 has PPTP and poe information disclosure... | E | |
CVE-2013-7057 | Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows ... | E | |
CVE-2013-7060 | Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the in... | | |
CVE-2013-7061 | Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass r... | | |
CVE-2013-7062 | Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4... | | |
CVE-2013-7063 | The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote at... | | |
CVE-2013-7064 | Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 ... | S | |
CVE-2013-7065 | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass a... | S | |
CVE-2013-7066 | The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read pr... | S | |
CVE-2013-7067 | The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have ... | S | |
CVE-2013-7068 | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users t... | S | |
CVE-2013-7069 | ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --... | | |
CVE-2013-7070 | The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers t... | E S | |
CVE-2013-7071 | Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Moni... | E S | |
CVE-2013-7072 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-7073 | The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 thr... | | |
CVE-2013-7074 | Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before... | | |
CVE-2013-7075 | The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 thr... | | |
CVE-2013-7076 | Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x... | | |
CVE-2013-7077 | Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x be... | | |
CVE-2013-7078 | Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base clas... | | |
CVE-2013-7079 | Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7... | | |
CVE-2013-7080 | The creating record functionality in Extension table administration library (feuser_adminLib.inc) in... | | |
CVE-2013-7081 | The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 ... | | |
CVE-2013-7082 | Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base clas... | | |
CVE-2013-7085 | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbit... | E | |
CVE-2013-7086 | The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby al... | E | |
CVE-2013-7087 | ClamAV before 0.97.7 has WWPack corrupt heap memory... | | |
CVE-2013-7088 | ClamAV before 0.97.7 has buffer overflow in the libclamav component... | | |
CVE-2013-7089 | ClamAV before 0.97.7: dbg_printhex possible information leak... | | |
CVE-2013-7091 | Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20Templ... | E | |
CVE-2013-7092 | Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6... | E | |
CVE-2013-7093 | SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication a... | | |
CVE-2013-7094 | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows rem... | | |
CVE-2013-7095 | The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown ... | | |
CVE-2013-7096 | Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrar... | | |
CVE-2013-7097 | Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attack... | E | |
CVE-2013-7098 | OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on recon... | | |
CVE-2013-7100 | Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1... | E S | |
CVE-2013-7102 | Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb... | E | |
CVE-2013-7103 | McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands vi... | E | |
CVE-2013-7104 | McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by... | E | |
CVE-2013-7105 | Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Appli... | | |
CVE-2013-7106 | Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10... | | |
CVE-2013-7107 | Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earli... | | |
CVE-2013-7108 | Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 be... | | |
CVE-2013-7109 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-7110 | Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer con... | | |
CVE-2013-7111 | The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-bases... | E | |
CVE-2013-7112 | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.... | E S | |
CVE-2013-7113 | epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly ... | E S | |
CVE-2013-7114 | Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c ... | S | |
CVE-2013-7115 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7116 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7117 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7118 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7120 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7121 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7122 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7123 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7124 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7125 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7127 | Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, ... | | |
CVE-2013-7128 | Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartex... | | |
CVE-2013-7129 | Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote ... | E | |
CVE-2013-7130 | The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStac... | S | |
CVE-2013-7134 | Juvia uses the same secret key for all installations, which allows remote attackers to have unspecif... | | |
CVE-2013-7135 | The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a proce... | | |
CVE-2013-7136 | The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of... | E | |
CVE-2013-7137 | The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypas... | E S | |
CVE-2013-7138 | Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management Sy... | E | |
CVE-2013-7139 | SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 an... | E | |
CVE-2013-7140 | XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 ... | | |
CVE-2013-7141 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remo... | | |
CVE-2013-7142 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remo... | | |
CVE-2013-7143 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers... | | |
CVE-2013-7144 | LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificate... | E | |
CVE-2013-7145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7147 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7149 | SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script)... | | |
CVE-2013-7164 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7169 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-7171 | Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permis... | | |
CVE-2013-7172 | Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbcte... | | |
CVE-2013-7173 | Belkin n750 routers have a buffer overflow.... | E | |
CVE-2013-7174 | Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attac... | | |
CVE-2013-7175 | Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remo... | | |
CVE-2013-7176 | config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers... | E S | |
CVE-2013-7177 | config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote att... | E S | |
CVE-2013-7179 | The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote att... | | |
CVE-2013-7180 | Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300... | | |
CVE-2013-7181 | Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remo... | | |
CVE-2013-7182 | Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 al... | | |
CVE-2013-7183 | cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial o... | | |
CVE-2013-7184 | Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of servic... | E | |
CVE-2013-7185 | PotPlayer 1.5.40688: .avi File Memory Corruption... | E | |
CVE-2013-7186 | Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitr... | E | |
CVE-2013-7187 | SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allo... | E | |
CVE-2013-7188 | Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote a... | | |
CVE-2013-7189 | Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers ... | | |
CVE-2013-7190 | Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote atta... | | |
CVE-2013-7191 | Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to injec... | E | |
CVE-2013-7192 | Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attack... | E | |
CVE-2013-7193 | Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to ... | E | |
CVE-2013-7194 | Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build... | E | |
CVE-2013-7195 | PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions a... | | |
CVE-2013-7196 | static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intend... | | |
CVE-2013-7201 | WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-t... | | |
CVE-2013-7202 | The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute a... | | |
CVE-2013-7203 | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via v... | | |
CVE-2013-7204 | Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera ... | E | |
CVE-2013-7205 | Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2,... | | |
CVE-2013-7209 | Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum ... | E | |
CVE-2013-7216 | Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute ... | E | |
CVE-2013-7217 | Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5,... | | |
CVE-2013-7219 | SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before... | E | |
CVE-2013-7220 | js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attack... | | |
CVE-2013-7221 | The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not preven... | | |
CVE-2013-7222 | config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Applicatio... | E S | |
CVE-2013-7223 | Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remot... | E S | |
CVE-2013-7224 | Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to ob... | E | |
CVE-2013-7225 | Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before ... | E S | |
CVE-2013-7226 | Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote ... | | |
CVE-2013-7231 | Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1... | | |
CVE-2013-7232 | SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execut... | | |
CVE-2013-7233 | Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discu... | | |
CVE-2013-7234 | Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct cl... | | |
CVE-2013-7235 | Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonat... | | |
CVE-2013-7236 | Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitr... | | |
CVE-2013-7239 | memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid reque... | S | |
CVE-2013-7240 | Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for Word... | E | |
CVE-2013-7241 | Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.p... | E | |
CVE-2013-7242 | SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4... | E | |
CVE-2013-7243 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote at... | E | |
CVE-2013-7245 | The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass acc... | | |
CVE-2013-7246 | Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.... | E | |
CVE-2013-7247 | cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions... | E | |
CVE-2013-7248 | Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a h... | E | |
CVE-2013-7249 | Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obt... | E S | |
CVE-2013-7250 | Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.... | E S | |
CVE-2013-7251 | Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote a... | E S | |
CVE-2013-7252 | kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode ... | E S | |
CVE-2013-7253 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-7254 | Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject a... | | |
CVE-2013-7255 | Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arb... | | |
CVE-2013-7256 | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to h... | | |
CVE-2013-7257 | Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary... | | |
CVE-2013-7258 | Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to ... | | |
CVE-2013-7259 | Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to ... | | |
CVE-2013-7260 | Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Ma... | E | |
CVE-2013-7262 | SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer... | | |
CVE-2013-7263 | The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data st... | | |
CVE-2013-7264 | The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certa... | | |
CVE-2013-7265 | The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain... | | |
CVE-2013-7266 | The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 doe... | | |
CVE-2013-7267 | The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certai... | | |
CVE-2013-7268 | The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain len... | | |
CVE-2013-7269 | The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certai... | | |
CVE-2013-7270 | The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a ce... | | |
CVE-2013-7271 | The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain len... | | |
CVE-2013-7273 | GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local u... | | |
CVE-2013-7274 | Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated us... | E | |
CVE-2013-7275 | Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 all... | E S | |
CVE-2013-7276 | Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0... | E | |
CVE-2013-7277 | Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95... | E S | |
CVE-2013-7278 | SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary... | E | |
CVE-2013-7279 | Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video... | | |
CVE-2013-7280 | Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to caus... | E | |
CVE-2013-7281 | The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a cer... | | |
CVE-2013-7282 | The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WI... | E | |
CVE-2013-7283 | Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages i... | E S | |
CVE-2013-7284 | The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remot... | S | |
CVE-2013-7285 | XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initiali... | E | |
CVE-2013-7286 | MobileIron VSP < 5.9.1 and Sentry < 5.0 have a weak password obfuscation algorithm... | | |
CVE-2013-7287 | MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme.... | E | |
CVE-2013-7288 | Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php ... | | |
CVE-2013-7289 | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aph... | S | |
CVE-2013-7290 | The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when runnin... | E S | |
CVE-2013-7291 | memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of ... | E S | |
CVE-2013-7292 | VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active... | | |
CVE-2013-7293 | The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP ad... | | |
CVE-2013-7294 | The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote att... | E S | |
CVE-2013-7295 | Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on... | | |
CVE-2013-7296 | The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the cor... | | |
CVE-2013-7298 | query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infi... | | |
CVE-2013-7299 | framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain se... | S | |
CVE-2013-7300 | Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary f... | E | |
CVE-2013-7301 | Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attack... | E | |
CVE-2013-7302 | Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x... | S | |
CVE-2013-7303 | Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.p... | | |
CVE-2013-7304 | Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificat... | S | |
CVE-2013-7305 | fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote at... | | |
CVE-2013-7306 | The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State... | | |
CVE-2013-7307 | The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider t... | | |
CVE-2013-7308 | The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider ... | | |
CVE-2013-7309 | The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link... | | |
CVE-2013-7310 | The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ... | | |
CVE-2013-7311 | The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not ... | | |
CVE-2013-7312 | The OSPF implementation on Enterasys switches and routers does not consider the possibility of dupli... | | |
CVE-2013-7313 | The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not c... | | |
CVE-2013-7314 | The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possi... | | |
CVE-2013-7315 | The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable exter... | E S | |
CVE-2013-7316 | Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote... | E | |
CVE-2013-7317 | Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers t... | | |
CVE-2013-7318 | Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allo... | E | |
CVE-2013-7319 | Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress a... | E | |
CVE-2013-7320 | Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmw... | | |
CVE-2013-7321 | Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware bef... | | |
CVE-2013-7322 | usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an inv... | | |
CVE-2013-7323 | python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell... | E | |
CVE-2013-7324 | Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attacke... | | |
CVE-2013-7325 | An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execu... | | |
CVE-2013-7326 | Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbit... | | |
CVE-2013-7327 | The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, whic... | | |
CVE-2013-7328 | Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.... | | |
CVE-2013-7329 | The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, a... | | |
CVE-2013-7330 | Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project ... | S | |
CVE-2013-7331 | The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to... | KEV E S | |
CVE-2013-7332 | The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect r... | E | |
CVE-2013-7333 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attack... | E | |
CVE-2013-7334 | Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hi... | E | |
CVE-2013-7335 | Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote atta... | S | |
CVE-2013-7336 | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not pro... | S | |
CVE-2013-7338 | Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU ... | E S | |
CVE-2013-7339 | The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users... | E S | |
CVE-2013-7340 | VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory ... | | |
CVE-2013-7341 | Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Mo... | | |
CVE-2013-7342 | Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplay... | E S | |
CVE-2013-7343 | Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplay... | E S | |
CVE-2013-7344 | Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allo... | | |
CVE-2013-7345 | The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15... | E S | |
CVE-2013-7346 | Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers... | E | |
CVE-2013-7347 | Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attacker... | | |
CVE-2013-7348 | Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 ... | | |
CVE-2013-7349 | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQ... | E | |
CVE-2013-7350 | Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (7301591... | | |
CVE-2013-7351 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers t... | E S | |
CVE-2013-7352 | Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allow... | E S | |
CVE-2013-7353 | Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14be... | | |
CVE-2013-7354 | Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of s... | | |
CVE-2013-7355 | SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute ... | | |
CVE-2013-7356 | Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain ... | | |
CVE-2013-7357 | Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to... | | |
CVE-2013-7358 | Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain... | | |
CVE-2013-7359 | Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive p... | | |
CVE-2013-7360 | Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary ... | | |
CVE-2013-7361 | Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary fi... | | |
CVE-2013-7362 | An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands ... | | |
CVE-2013-7363 | Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attac... | | |
CVE-2013-7364 | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict acce... | | |
CVE-2013-7365 | Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject ... | | |
CVE-2013-7366 | The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attacker... | | |
CVE-2013-7367 | SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which... | | |
CVE-2013-7368 | Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject ... | E | |
CVE-2013-7369 | SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Vi... | | |
CVE-2013-7370 | node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware... | S | |
CVE-2013-7371 | node-connect before 2.8.2 has cross-site scripting in Sencha Labs Connect middleware (vulnerability... | S | |
CVE-2013-7372 | The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/se... | E S | |
CVE-2013-7373 | Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier ... | | |
CVE-2013-7374 | The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.201... | | |
CVE-2013-7375 | SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through... | | |
CVE-2013-7376 | Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision... | E | |
CVE-2013-7377 | The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attacker... | | |
CVE-2013-7378 | scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to... | S | |
CVE-2013-7379 | The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key w... | E S | |
CVE-2013-7380 | The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability... | | |
CVE-2013-7381 | libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspeci... | S | |
CVE-2013-7382 | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded passwor... | E | |
CVE-2013-7383 | x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authentica... | | |
CVE-2013-7384 | UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer... | | |
CVE-2013-7385 | LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascr... | E | |
CVE-2013-7386 | Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in ... | | |
CVE-2013-7387 | Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to h... | E S | |
CVE-2013-7388 | Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) befor... | E | |
CVE-2013-7389 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware... | E S | |
CVE-2013-7390 | Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x a... | E | |
CVE-2013-7391 | The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area ... | S | |
CVE-2013-7392 | Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file nam... | E | |
CVE-2013-7393 | The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a... | | |
CVE-2013-7394 | The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to exec... | | |
CVE-2013-7395 | ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password... | | |
CVE-2013-7397 | Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification u... | | |
CVE-2013-7398 | main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-htt... | | |
CVE-2013-7400 | The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sen... | | |
CVE-2013-7401 | The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of... | E | |
CVE-2013-7402 | Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a ... | | |
CVE-2013-7404 | GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (... | | |
CVE-2013-7405 | The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for th... | | |
CVE-2013-7406 | SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitra... | | |
CVE-2013-7407 | Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attacker... | | |
CVE-2013-7408 | F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for ... | E | |
CVE-2013-7409 | Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of servic... | E | |
CVE-2013-7416 | canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary... | E | |
CVE-2013-7417 | Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before ... | E | |
CVE-2013-7418 | cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users... | E | |
CVE-2013-7419 | Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hote... | E | |
CVE-2013-7420 | Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary code via a long str... | | |
CVE-2013-7421 | The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules... | E S | |
CVE-2013-7422 | Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other p... | | |
CVE-2013-7423 | The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not... | | |
CVE-2013-7424 | The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used... | | |
CVE-2013-7426 | Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.... | S | |
CVE-2013-7428 | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service vi... | | |
CVE-2013-7429 | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attack... | E S | |
CVE-2013-7430 | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remo... | | |
CVE-2013-7431 | Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!.... | | |
CVE-2013-7432 | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protectio... | | |
CVE-2013-7433 | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!.... | | |
CVE-2013-7435 | The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 al... | S | |
CVE-2013-7436 | noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easie... | | |
CVE-2013-7437 | Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (cras... | E | |
CVE-2013-7438 | Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) o... | | |
CVE-2013-7439 | Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h i... | S | |
CVE-2013-7440 | The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not p... | | |
CVE-2013-7441 | The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote a... | | |
CVE-2013-7442 | GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Adminis... | | |
CVE-2013-7443 | Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a den... | E | |
CVE-2013-7444 | The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an... | | |
CVE-2013-7445 | The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for... | | |
CVE-2013-7446 | Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local use... | E | |
CVE-2013-7447 | Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8,... | S | |
CVE-2013-7448 | Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary fi... | | |
CVE-2013-7449 | The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does... | | |
CVE-2013-7450 | Pulp before 2.3.0 uses the same certificate authority key and certificate for all installat... | S | |
CVE-2013-7451 | The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a... | | |
CVE-2013-7452 | The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scrip... | | |
CVE-2013-7453 | The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scrip... | M | |
CVE-2013-7454 | The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scrip... | M | |
CVE-2013-7455 | Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS ... | | |
CVE-2013-7456 | gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36... | E | |
CVE-2013-7457 | Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers t... | | |
CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, whi... | S | |
CVE-2013-7459 | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit... | E S | |
CVE-2013-7460 | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Con... | S | |
CVE-2013-7461 | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control ... | S | |
CVE-2013-7462 | A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Contr... | | |
CVE-2013-7463 | The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and ... | | |
CVE-2013-7464 | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token use... | S | |
CVE-2013-7465 | Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, wh... | E | |
CVE-2013-7466 | Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution,... | E | |
CVE-2013-7467 | Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa paramet... | E | |
CVE-2013-7468 | Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=lang... | E | |
CVE-2013-7469 | Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (C... | | |
CVE-2013-7470 | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABE... | S | |
CVE-2013-7471 | An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 be... | E | |
CVE-2013-7472 | The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxe... | E | |
CVE-2013-7473 | Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.... | E | |
CVE-2013-7474 | Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the u... | E | |
CVE-2013-7475 | The contact-form-plugin plugin before 3.52 for WordPress has XSS.... | | |
CVE-2013-7476 | The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.... | | |
CVE-2013-7477 | The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.... | | |
CVE-2013-7478 | The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.... | | |
CVE-2013-7479 | The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.... | | |
CVE-2013-7480 | The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.... | | |
CVE-2013-7481 | The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.... | | |
CVE-2013-7482 | The reflex-gallery plugin before 1.4.3 for WordPress has XSS.... | | |
CVE-2013-7483 | The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.... | | |
CVE-2013-7484 | Zabbix before 5.0 represents passwords in the users table with unsalted MD5.... | | |
CVE-2013-7485 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7... | | |
CVE-2013-7486 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7... | | |
CVE-2013-7487 | On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable cal... | E | |
CVE-2013-7488 | perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to ca... | E | |
CVE-2013-7489 | The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which... | | |
CVE-2013-7490 | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for... | S | |
CVE-2013-7491 | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user... | S |