The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2014-0013 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | LOW | Feb 15, 2018 | n/a |
| CVE-2014-0011 | Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. | HIGH | Jan 14, 2020 | n/a |
| CVE-2013-20004 | A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16. | HIGH | Feb 11, 2022 | n/a |
| CVE-2013-20003 | Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. | HIGH | Feb 9, 2022 | n/a |
| CVE-2013-20002 | Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | HIGH | Jun 17, 2021 | n/a |
| CVE-2013-20001 | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. | MEDIUM | Feb 18, 2021 | n/a |
| CVE-2013-10030 | A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672. | -- | Jun 6, 2023 | n/a |
| CVE-2013-10029 | A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671. | -- | Jun 6, 2023 | n/a |
| CVE-2013-10028 | A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660. | -- | Jun 5, 2023 | n/a |
| CVE-2013-10027 | A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The patch is identified as b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability. | -- | Jun 5, 2023 | n/a |
| CVE-2013-10026 | A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The identifier of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability. | -- | May 2, 2023 | n/a |
| CVE-2013-10025 | A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The patch is identified as d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability. | -- | Apr 10, 2023 | n/a |
| CVE-2013-10024 | A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The identifier of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability. | -- | Apr 10, 2023 | n/a |
| CVE-2013-10023 | A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The patch is named a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151. | -- | Apr 10, 2023 | n/a |
| CVE-2013-10022 | A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The patch is identified as 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability. | -- | Apr 5, 2023 | n/a |
| CVE-2013-10021 | A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The patch is named 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739. | -- | Mar 11, 2023 | n/a |
| CVE-2013-10020 | A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The identifier of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability. | -- | Mar 10, 2023 | n/a |
| CVE-2013-10019 | A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The identifier of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability. | -- | Feb 21, 2023 | n/a |
| CVE-2013-10018 | A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The identifier of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. | -- | Feb 4, 2023 | n/a |
| CVE-2013-10017 | A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. | -- | Feb 4, 2023 | n/a |
| CVE-2013-10016 | A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The patch is named 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. | -- | Feb 3, 2023 | n/a |
| CVE-2013-10015 | A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The patch is identified as abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. | -- | Feb 3, 2023 | n/a |
| CVE-2013-10014 | A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The patch is identified as 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability. | -- | Jan 27, 2023 | n/a |
| CVE-2013-10013 | A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection. Upgrading to version 1.39 is able to address this issue. The name of the patch is a5456633ff75e8f13705974c7ed1ce77f3f142d5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218428. | -- | Jan 24, 2023 | n/a |
| CVE-2013-10012 | A vulnerability, which was classified as critical, was found in antonbolling clan7ups. Affected is an unknown function of the component Login/Session. The manipulation leads to sql injection. The name of the patch is 25afad571c488291033958d845830ba0a1710764. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218388. | -- | Jan 24, 2023 | n/a |
| CVE-2013-10011 | A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of the patch is 096de5815c7b414e7339f3439522a446098fb73a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218156. | -- | Jan 12, 2023 | n/a |
| CVE-2013-10010 | A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007. | -- | Jan 11, 2023 | n/a |
| CVE-2013-10009 | A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability. | -- | Jan 8, 2023 | n/a |
| CVE-2013-10008 | A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572. | -- | Jan 8, 2023 | n/a |
| CVE-2013-10007 | A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The identifier of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability. | -- | Jan 3, 2023 | n/a |
| CVE-2013-10006 | A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.8.4rc2 is able to address this issue. The patch is named cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171. | -- | Jan 2, 2023 | n/a |
| CVE-2013-10005 | The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow. | -- | Dec 28, 2022 | n/a |
| CVE-2013-10004 | A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | MEDIUM | May 24, 2022 | n/a |
| CVE-2013-10003 | A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | HIGH | May 24, 2022 | n/a |
| CVE-2013-10002 | A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | MEDIUM | May 24, 2022 | n/a |
| CVE-2013-10001 | A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used. | MEDIUM | May 17, 2022 | n/a |
| CVE-2013-7491 | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | MEDIUM | Sep 11, 2020 | n/a |
| CVE-2013-7490 | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | MEDIUM | Sep 11, 2020 | n/a |
| CVE-2013-7489 | The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. | MEDIUM | Jun 26, 2020 | n/a |
| CVE-2013-7488 | perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2013-7487 | On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2013-7486 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | MEDIUM | Jan 9, 2020 | n/a |
| CVE-2013-7485 | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | MEDIUM | Jan 9, 2020 | n/a |
| CVE-2013-7484 | Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | MEDIUM | Dec 11, 2019 | n/a |
| CVE-2013-7483 | The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. | HIGH | Aug 29, 2019 | n/a |
| CVE-2013-7482 | The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2013-7481 | The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2013-7480 | The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2013-7479 | The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2013-7478 | The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | MEDIUM | Aug 26, 2019 | n/a |
