CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8901 CVE-2013-5576 20 1 Bypass 2013-10-09 2013-11-30
6.8
None Remote Medium Not required Partial Partial Partial
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
8902 CVE-2013-5559 119 Exec Code Overflow 2013-11-04 2016-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.
8903 CVE-2013-5557 17 DoS Bypass 2015-02-06 2017-08-28
6.3
None Remote Medium Single system None None Complete
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577.
8904 CVE-2013-5556 264 Exec Code +Priv 2013-11-17 2013-11-20
6.8
None Local Low Single system Complete Complete Complete
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.
8905 CVE-2013-5552 264 Bypass 2013-11-13 2013-11-14
6.4
None Remote Low Not required Partial Partial None
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
8906 CVE-2013-5551 119 DoS Overflow 2013-10-31 2013-11-05
6.3
None Remote Medium Single system None None Complete
Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199.
8907 CVE-2013-5540 399 DoS 2013-10-16 2013-10-16
6.8
None Remote Low Single system None None Complete
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.
8908 CVE-2013-5539 20 2013-10-16 2013-10-16
6.0
None Remote Medium Single system Partial Partial Partial
The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.
8909 CVE-2013-5535 255 2013-10-16 2013-10-17
6.4
None Remote Low Not required Partial Partial None
The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419.
8910 CVE-2013-5533 20 +Priv 2013-10-10 2016-09-22
6.0
None Local High Single system Complete Complete Complete
The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.
8911 CVE-2013-5529 20 DoS 2013-10-16 2013-10-16
6.8
None Remote Medium Not required Partial Partial Partial
The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200.
8912 CVE-2013-5525 89 Exec Code Sql 2013-10-10 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.
8913 CVE-2013-5522 264 +Priv 2013-10-24 2013-10-25
6.8
None Local Low Single system Complete Complete Complete
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
8914 CVE-2013-5516 399 DoS 2013-09-30 2013-10-22
6.3
None Remote Medium Single system None None Complete
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796.
8915 CVE-2013-5506 264 2013-10-13 2013-10-15
6.6
None Local Medium Single system Complete Complete Complete
The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080.
8916 CVE-2013-5496 20 DoS 2013-09-16 2013-10-16
6.3
None Remote Medium Single system None None Complete
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
8917 CVE-2013-5494 352 CSRF 2013-09-16 2013-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.
8918 CVE-2013-5493 20 Exec Code Bypass 2013-09-13 2013-10-22
6.8
None Local Low Single system Complete Complete Complete
The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407.
8919 CVE-2013-5471 352 CSRF 2013-09-04 2013-09-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164.
8920 CVE-2013-5465 264 2014-05-26 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
8921 CVE-2013-5464 264 Bypass 2014-05-26 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.
8922 CVE-2013-5447 119 1 Exec Code Overflow 2013-12-10 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
8923 CVE-2013-5443 352 CSRF 2014-03-25 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.
8924 CVE-2013-5427 352 CSRF 2014-02-04 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users.
8925 CVE-2013-5424 264 Bypass 2013-10-25 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
8926 CVE-2013-5419 119 Overflow +Priv 2013-10-04 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
8927 CVE-2013-5409 89 Exec Code Sql 2013-12-21 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
8928 CVE-2013-5381 +Priv 2013-10-01 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
8929 CVE-2013-5375 2013-11-24 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.
8930 CVE-2013-5373 264 +Priv 2013-09-25 2017-08-28
6.9
None Local Medium Not required Complete Complete Complete
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.
8931 CVE-2013-5355 352 CSRF 2013-12-09 2014-06-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors.
8932 CVE-2013-5353 Exec Code 2014-06-13 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
8933 CVE-2013-5352 94 Exec Code 2014-06-13 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the preg_replace function with the e modifier.
8934 CVE-2013-5316 352 1 CSRF 2013-08-20 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
8935 CVE-2013-5313 352 CSRF 2013-08-19 2013-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
8936 CVE-2013-5228 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
8937 CVE-2013-5227 264 Bypass 2013-12-18 2017-01-06
6.4
None Remote Low Not required Partial Partial None
Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.
8938 CVE-2013-5225 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
8939 CVE-2013-5220 20 DoS 2013-12-29 2013-12-30
6.1
None Local Network Low Not required None None Complete
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
8940 CVE-2013-5199 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
8941 CVE-2013-5198 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
8942 CVE-2013-5197 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
8943 CVE-2013-5196 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
8944 CVE-2013-5195 119 DoS Exec Code Overflow Mem. Corr. 2013-12-18 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
8945 CVE-2013-5175 20 DoS +Info 2013-10-23 2013-10-24
6.6
None Local Low Not required Complete None Complete
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.
8946 CVE-2013-5170 119 DoS Exec Code Overflow 2013-10-23 2014-04-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
8947 CVE-2013-5168 20 2013-10-23 2013-10-24
6.8
None Remote Medium Not required Partial Partial Partial
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.
8948 CVE-2013-5165 264 Bypass 2013-10-23 2013-10-24
6.4
None Remote Low Not required Partial Partial None
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.
8949 CVE-2013-5163 287 Bypass 2013-10-04 2013-10-07
6.6
None Local Low Not required None Complete Complete
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
8950 CVE-2013-5145 264 2013-09-19 2013-10-30
6.3
None Local Medium Not required None Complete Complete
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.