CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2013 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6875 89 Exec Code Sql 2013-11-26 2013-11-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
2 CVE-2013-6874 119 1 Exec Code Overflow 2013-11-26 2013-11-27
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
3 CVE-2013-6873 89 Exec Code Sql 2013-11-26 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.
4 CVE-2013-6869 89 Exec Code Sql 2013-11-23 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2013-6868 200 +Info 2013-11-23 2013-11-25
7.8
None Remote Low Not required Complete None None
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors.
6 CVE-2013-6867 DoS 2013-11-23 2013-11-26
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.
7 CVE-2013-6866 94 Exec Code 2013-11-23 2013-11-27
9.0
None Remote Low ??? Complete Complete Complete
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.
8 CVE-2013-6865 94 Exec Code 2013-11-23 2013-11-25
9.0
None Remote Low ??? Complete Complete Complete
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.
9 CVE-2013-6864 22 Dir. Trav. 2013-11-23 2013-11-27
6.1
None Remote High ??? Complete Partial Partial
Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors.
10 CVE-2013-6863 264 +Priv 2013-11-23 2013-11-27
9.0
None Remote Low ??? Complete Complete Complete
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors.
11 CVE-2013-6862 DoS 2013-11-23 2013-11-27
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.
12 CVE-2013-6860 +Info 2013-11-23 2013-11-27
6.8
None Remote Low ??? Complete None None
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors.
13 CVE-2013-6859 287 +Priv 2013-11-23 2013-11-25
8.5
None Remote Medium ??? Complete Complete Complete
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
14 CVE-2013-6852 352 1 CSRF 2013-11-22 2013-11-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
15 CVE-2013-6831 264 +Priv 2013-11-20 2013-11-25
7.2
None Local Low Not required Complete Complete Complete
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
16 CVE-2013-6830 94 Exec Code 2013-11-20 2013-11-25
7.5
None Remote Low Not required Partial Partial Partial
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
17 CVE-2013-6829 94 Exec Code 2013-11-20 2013-11-21
7.5
None Remote Low Not required Partial Partial Partial
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
18 CVE-2013-6828 287 Bypass 2013-11-20 2013-11-21
6.4
None Remote Low Not required Partial Partial None
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
19 CVE-2013-6826 352 CSRF 2013-11-20 2013-11-20
6.8
None Remote Medium Not required Partial Partial Partial
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
20 CVE-2013-6823 264 Bypass 2013-11-20 2018-12-10
6.4
None Remote Low Not required Partial Partial None
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
21 CVE-2013-6822 2013-11-20 2018-12-10
10.0
None Remote Low Not required Complete Complete Complete
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
22 CVE-2013-6820 Exec Code 2013-11-20 2018-12-10
9.3
None Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
23 CVE-2013-6818 264 Bypass 2013-11-20 2018-12-10
6.4
None Remote Low Not required Partial Partial None
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
24 CVE-2013-6817 119 DoS Exec Code Overflow 2013-11-20 2018-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
25 CVE-2013-6801 399 DoS 2013-11-18 2013-11-19
7.1
None Remote Medium Not required None None Complete
Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue.
26 CVE-2013-6797 352 CSRF 2013-11-19 2013-11-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
27 CVE-2013-6763 119 DoS Overflow +Priv Mem. Corr. 2013-11-12 2014-01-08
6.9
None Local Medium Not required Complete Complete Complete
The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.
28 CVE-2013-6692 399 DoS 2013-11-22 2013-11-22
6.3
None Remote Medium ??? None None Complete
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
29 CVE-2013-6689 20 Bypass 2013-11-18 2013-11-19
6.9
None Local Medium Not required Complete Complete Complete
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
30 CVE-2013-6688 22 Dir. Trav. 2013-11-18 2013-11-19
6.3
None Remote Medium ??? None Complete None
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
31 CVE-2013-6686 20 DoS 2013-11-18 2013-11-19
6.8
None Remote Low ??? None None Complete
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.
32 CVE-2013-6685 264 +Priv 2013-11-13 2013-11-14
6.6
None Local Medium ??? Complete Complete Complete
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.
33 CVE-2013-6684 20 DoS 2013-11-13 2013-11-14
6.8
None Remote Low ??? None None Complete
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011.
34 CVE-2013-6683 20 DoS 2013-11-13 2013-11-14
6.1
None Local Network Low Not required None None Complete
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904.
35 CVE-2013-6682 20 DoS 2013-11-13 2013-11-14
6.4
None Remote Low Not required None Partial Partial
The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database corruption) via an invalid entry, aka Bug ID CSCui33299.
36 CVE-2013-6632 189 DoS Exec Code Overflow Mem. Corr. 2013-11-18 2018-12-13
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
37 CVE-2013-6631 DoS Mem. Corr. 2013-11-19 2014-03-06
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
38 CVE-2013-6625 399 DoS 2013-11-13 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.
39 CVE-2013-6624 399 DoS 2013-11-13 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes.
40 CVE-2013-6622 399 DoS 2013-11-13 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the movement of a media element between documents.
41 CVE-2013-6621 399 DoS 2013-11-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
42 CVE-2013-6618 20 1 Exec Code 2013-11-05 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
43 CVE-2013-6617 264 +Priv 2013-11-05 2013-11-06
10.0
None Remote Low Not required Complete Complete Complete
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
44 CVE-2013-6383 264 Bypass 2013-11-27 2014-03-26
6.9
None Local Medium Not required Complete Complete Complete
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
45 CVE-2013-6381 119 DoS Overflow 2013-11-27 2016-12-31
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.
46 CVE-2013-6375 264 DoS +Priv 2013-11-23 2018-10-30
7.9
None Local Network Medium Not required Complete Complete Complete
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."
47 CVE-2013-6366 94 1 Exec Code 2013-11-04 2013-11-07
6.5
None Remote Low ??? Partial Partial Partial
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
48 CVE-2013-6357 352 CSRF 2013-11-13 2013-11-14
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
49 CVE-2013-6349 94 Exec Code 2013-11-02 2013-11-04
8.5
None Remote Medium ??? Complete Complete Complete
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
50 CVE-2013-6347 287 2013-11-02 2013-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
Total number of vulnerabilities : 182   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.