Total
299222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | |||||
| CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request | |||||
| CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| PrestaShop before 1.4.11 allows logout CSRF. | |||||
| CVE-2013-4791 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | |||||
| CVE-2013-4770 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
| Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | |||||
| CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | |||||
| CVE-2013-4752 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | |||||
| CVE-2013-4751 | 3 Fedoraproject, Redhat, Sensiolabs | 3 Fedora, Enterprise Linux, Symfony | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
| php-symfony2-Validator has loss of information during serialization | |||||
| CVE-2013-4743 | 1 Static Http Server Project | 1 Static Http Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Static HTTP Server 1.0 has a Local Overflow | |||||
| CVE-2013-4718 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. | |||||
| CVE-2013-4717 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. | |||||
| CVE-2013-4695 | 1 Winamp | 1 Winamp | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | |||||
| CVE-2013-4693 | 1 Xorbin | 1 Digital Flash Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress Xorbin Digital Flash Clock 1.0 has XSS | |||||
| CVE-2013-4692 | 1 Xorbin | 1 Analog Flash Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS | |||||
| CVE-2013-4691 | 1 Sencha | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sencha Labs Connect has XSS with connect.methodOverride() | |||||
| CVE-2013-4665 | 1 Spbas | 1 Business Automation Software | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| SPBAS Business Automation Software 2012 has CSRF. | |||||
| CVE-2013-4664 | 1 Spbas | 1 Business Automation Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SPBAS Business Automation Software 2012 has XSS. | |||||
| CVE-2013-4658 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | |||||
| CVE-2013-4657 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | |||||