Total
299295 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4968 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." | |||||
CVE-2013-4891 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. | |||||
CVE-2013-4868 | 1 Karotz | 1 Api | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Karotz API 12.07.19.00: Session Token Information Disclosure | |||||
CVE-2013-4867 | 1 Ea | 2 Karotz Smart Rabbit, Karotz Smart Rabbit Firmware | 2024-11-21 | 6.2 MEDIUM | 6.3 MEDIUM |
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking | |||||
CVE-2013-4865 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter. | |||||
CVE-2013-4864 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue. | |||||
CVE-2013-4863 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag. | |||||
CVE-2013-4862 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | |||||
CVE-2013-4861 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-2013-4859 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
INSTEON Hub 2242-222 lacks Web and API authentication | |||||
CVE-2013-4857 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-865L has PHP File Inclusion in the router xml file. | |||||
CVE-2013-4856 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
D-Link DIR-865L has Information Disclosure. | |||||
CVE-2013-4855 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.9 HIGH | 8.8 HIGH |
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | |||||
CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | |||||
CVE-2013-4796 | 1 Reviewboard | 1 Reviewboard | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to a review request. | |||||
CVE-2013-4792 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
PrestaShop before 1.4.11 allows logout CSRF. | |||||
CVE-2013-4791 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | |||||
CVE-2013-4770 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | |||||
CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. |