CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8651 CVE-2013-1408 89 Exec Code Sql CSRF 2014-03-24 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
8652 CVE-2013-1399 352 CSRF 2014-03-14 2014-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
8653 CVE-2013-1293 DoS +Priv 2013-04-09 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
8654 CVE-2013-1292 362 +Priv 2013-04-09 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
8655 CVE-2013-1283 362 +Priv 2013-04-09 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
8656 CVE-2013-1246 399 DoS 2013-05-31 2013-06-03
6.8
None Remote Low Single system None None Complete
Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by establishing multiple SSH connections, aka Bug ID CSCug77610.
8657 CVE-2013-1241 287 DoS 2013-05-08 2013-05-08
6.3
None Remote Medium Single system None None Complete
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025.
8658 CVE-2013-1226 119 DoS Overflow 2013-04-29 2013-04-29
6.1
None Local Network Low Not required None None Complete
The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.
8659 CVE-2013-1217 119 DoS Overflow 2013-04-24 2013-04-24
6.8
None Remote Low Single system None None Complete
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105.
8660 CVE-2013-1215 264 +Priv 2013-04-25 2013-04-26
6.8
None Local Low Single system Complete Complete Complete
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
8661 CVE-2013-1200 287 2013-05-15 2013-05-16
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.
8662 CVE-2013-1197 20 DoS 2013-04-16 2013-04-16
6.8
None Remote Low Single system None None Complete
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912.
8663 CVE-2013-1196 20 2013-04-29 2013-04-30
6.8
None Local Low Single system Complete Complete Complete
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
8664 CVE-2013-1173 119 Overflow +Priv 2013-04-11 2013-04-11
6.6
None Local Medium Single system Complete Complete Complete
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
8665 CVE-2013-1172 20 +Priv 2013-04-11 2013-04-11
6.6
None Local Medium Single system Complete Complete Complete
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
8666 CVE-2013-1161 20 DoS 2013-03-25 2013-03-26
6.3
None Remote Medium Single system None None Complete
The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383.
8667 CVE-2013-1141 119 DoS Overflow 2013-02-28 2013-03-07
6.1
None Local Network Low Not required None None Complete
The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153.
8668 CVE-2013-1131 DoS 2013-02-13 2013-02-14
6.4
None Local Network Medium Not required None Partial Complete
Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182, CSCua91196, CSCud36155, and CSCua86190.
8669 CVE-2013-1130 264 +Priv 2013-09-20 2013-09-23
6.8
None Local Low Single system Complete Complete Complete
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
8670 CVE-2013-1128 352 CSRF 2013-02-15 2013-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information.
8671 CVE-2013-1125 20 2013-02-19 2013-02-20
6.8
None Local Low Single system Complete Complete Complete
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
8672 CVE-2013-1120 352 CSRF 2013-02-06 2013-02-07
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
8673 CVE-2013-1109 352 CSRF 2013-01-17 2013-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
8674 CVE-2013-1088 352 CSRF 2013-04-24 2013-05-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8675 CVE-2013-1079 22 Dir. Trav. 2013-03-29 2013-04-02
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
8676 CVE-2013-1060 264 +Priv 2013-09-25 2013-10-02
6.9
None Local Medium Not required Complete Complete Complete
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account.
8677 CVE-2013-1047 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2016-11-17
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8678 CVE-2013-1046 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8679 CVE-2013-1045 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8680 CVE-2013-1044 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8681 CVE-2013-1043 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8682 CVE-2013-1042 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8683 CVE-2013-1041 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2016-11-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8684 CVE-2013-1040 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2016-11-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8685 CVE-2013-1039 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2016-11-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8686 CVE-2013-1038 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2016-11-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8687 CVE-2013-1037 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2016-11-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
8688 CVE-2013-1036 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2013-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
8689 CVE-2013-1032 119 DoS Exec Code Overflow Mem. Corr. 2013-09-16 2014-03-05
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.
8690 CVE-2013-1027 264 Exec Code 2013-09-16 2013-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.
8691 CVE-2013-1026 119 DoS Exec Code Overflow 2013-09-16 2013-09-26
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
8692 CVE-2013-1025 119 DoS Exec Code Overflow 2013-09-16 2013-09-26
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
8693 CVE-2013-1024 20 DoS Exec Code 2013-06-05 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
8694 CVE-2013-1023 119 DoS Exec Code Overflow Mem. Corr. 2013-06-05 2013-06-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009.
8695 CVE-2013-1011 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
8696 CVE-2013-1009 119 DoS Exec Code Overflow Mem. Corr. 2013-06-05 2013-06-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023.
8697 CVE-2013-0998 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
8698 CVE-2013-0997 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
8699 CVE-2013-0996 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
8700 CVE-2013-0995 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.