Total
307973 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7485 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | |||||
| CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |||||
| CVE-2013-7483 | 1 Hbwsl | 1 Slidedeck 2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. | |||||
| CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | |||||
| CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | |||||
| CVE-2013-7480 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | |||||
| CVE-2013-7479 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | |||||
| CVE-2013-7478 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | |||||
| CVE-2013-7477 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | |||||
| CVE-2013-7476 | 1 Simple Fields Project | 1 Simple Fields | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. | |||||
| CVE-2013-7475 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.52 for WordPress has XSS. | |||||
| CVE-2013-7474 | 1 Windu | 1 Windu Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | |||||
| CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | |||||
| CVE-2013-7472 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter. | |||||
| CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | |||||
| CVE-2013-7470 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
| cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. | |||||
| CVE-2013-7469 | 1 Seafile | 1 Seafile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | |||||
| CVE-2013-7468 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. | |||||
| CVE-2013-7467 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. | |||||
| CVE-2013-7466 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | |||||