CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In June 2013 (CVSS score >= 6)

Each entry lists the CVE ID, CWE ID (where assigned), number of public exploits (where nonzero), vulnerability type(s), publish and update dates, CVSS score, gained access level, access vector, access complexity, authentication, and confidentiality/integrity/availability impact, followed by the description.

1. CVE-2013-4735 | CWE 264 | Published 2013-06-30, updated 2013-07-01 | CVSS 10.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.

2. CVE-2013-4734 | Published 2013-06-30, updated 2013-07-01 | CVSS 7.5
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.

3. CVE-2013-4733 | CWE 264 | Type: +Info | Published 2013-06-30, updated 2013-07-01 | CVSS 7.8
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/None/None
   The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.

4. CVE-2013-4732 | CWE 255 | Published 2013-06-30, updated 2013-07-01 | CVSS 10.0
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   ** DISPUTED ** The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding."

5. CVE-2013-4731 | CWE 287 | Type: Exec Code | Published 2013-06-30, updated 2013-07-17 | CVSS 9.3
   Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
   ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.

6. CVE-2013-4721 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-27, updated 2017-08-29 | CVSS 7.5
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7. CVE-2013-4720 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-27, updated 2017-08-29 | CVSS 7.5
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

8. CVE-2013-4719 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-27, updated 2017-08-29 | CVSS 7.5
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

9. CVE-2013-4683 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-25, updated 2017-08-29 | CVSS 7.5
   Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
   SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

10. CVE-2013-4682 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-25, updated 2013-10-11 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

11. CVE-2013-4681 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-25, updated 2017-08-29 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

12. CVE-2013-4680 | Published 2013-06-25, updated 2017-08-29 | CVSS 6.4
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/None
    Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

13. CVE-2013-4660 | CWE 20 | Type: Exec Code | Published 2013-06-28, updated 2013-07-01 | CVSS 6.8
    Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.

14. CVE-2013-4634 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-20, updated 2017-08-29 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

15. CVE-2013-4633 | CWE 264 | Type: +Priv | Published 2013-06-20, updated 2013-06-21 | CVSS 9.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Complete/Complete/Complete
    Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting.

16. CVE-2013-4632 | CWE 20 | Type: DoS | Published 2013-06-20, updated 2013-06-21 | CVSS 7.8
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/None/Complete
    The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP phone.

17. CVE-2013-4631 | CWE 119 | Type: DoS, Overflow | Published 2013-06-20, updated 2013-06-21 | CVSS 7.8
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/None/Complete
    Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.

18. CVE-2013-4630 | CWE 119 | Exploits: 1 | Type: Exec Code, Overflow | Published 2013-06-20, updated 2013-11-03 | CVSS 7.6
    Gained access: None | Access: Remote | Complexity: High | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.

19. CVE-2013-4629 | CWE 255 | Published 2013-06-20, updated 2013-06-21 | CVSS 8.5
    Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf./Integ./Avail.: Complete/Complete/Complete
    The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.

20. CVE-2013-4622 | CWE 255 | Published 2013-06-19, updated 2013-06-19 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

21. CVE-2013-4613 | CWE 264 | Published 2013-06-21, updated 2013-06-24 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password."

22. CVE-2013-4611 | Published 2013-06-17, updated 2021-07-01 | CVSS 10.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.

23. CVE-2013-4610 | Published 2013-06-17, updated 2021-07-01 | CVSS 10.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.

24. CVE-2013-4609 | CWE 264 | Type: Bypass | Published 2013-06-17, updated 2021-07-01 | CVSS 6.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
    REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.

25. CVE-2013-4604 | CWE 264 | Published 2013-06-25, updated 2013-06-26 | CVSS 6.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
    Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.

26. CVE-2013-4096 | CWE 20 | Type: Exec Code | Published 2013-06-28, updated 2013-07-01 | CVSS 9.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Complete/Complete/Complete
    ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.

27. CVE-2013-4095 | CWE 20 | Type: Exec Code | Published 2013-06-28, updated 2013-07-01 | CVSS 6.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
    plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.

28. CVE-2013-4094 | CWE 20 | Published 2013-06-28, updated 2013-07-01 | CVSS 6.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Partial/Partial/Partial
    The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.

29. CVE-2013-4091 | CWE 255 | Published 2013-06-28, updated 2013-07-01 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

30. CVE-2013-3958 | CWE 255 | Published 2013-06-14, updated 2013-06-17 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

31. CVE-2013-3957 | CWE 89 | Type: Exec Code, Sql | Published 2013-06-14, updated 2013-06-17 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

32. CVE-2013-3955 | CWE 20 | Type: DoS, Mem. Corr. | Published 2013-06-05, updated 2013-10-11 | CVSS 6.2
    Gained access: None | Access: Local | Complexity: High | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.

33. CVE-2013-3954 | CWE 20 | Type: DoS, +Info | Published 2013-06-05, updated 2013-10-31 | CVSS 6.9
    Gained access: None | Access: Local | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.

34. CVE-2013-3919 | Type: DoS | Published 2013-06-06, updated 2018-10-30 | CVSS 7.8
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/None/Complete
    resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.

35. CVE-2013-3743 | Published 2013-06-18, updated 2022-05-13 | CVSS 9.3
    Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

36. CVE-2013-3651 | CWE 94 | Published 2013-06-30, updated 2013-10-11 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.

37. CVE-2013-3647 | CWE 200 | Type: Exec Code, +Info | Published 2013-06-18, updated 2015-11-10 | CVSS 6.8
    Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.

38. CVE-2013-3646 | CWE 17 | Type: Exec Code, +Info | Published 2013-06-18, updated 2015-11-10 | CVSS 6.8
    Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.

39. CVE-2013-3644 | Type: Exec Code | Published 2013-06-18, updated 2013-06-19 | CVSS 10.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.

40. CVE-2013-3576 | CWE 78 | Type: Exec Code | Published 2013-06-14, updated 2014-01-08 | CVSS 9.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Complete/Complete/Complete
    ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.

41. CVE-2013-3574 | CWE 20 | Published 2013-06-14, updated 2013-06-14 | CVSS 7.8
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/Complete/None
    Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.

42. CVE-2013-3573 | CWE 20 | Published 2013-06-14, updated 2013-06-14 | CVSS 10.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.

43. CVE-2013-3520 | CWE 94 | Type: Exec Code | Published 2013-06-17, updated 2013-06-18 | CVSS 7.5
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.

44. CVE-2013-3475 | CWE 119 | Type: Overflow, +Priv | Published 2013-06-05, updated 2018-09-25 | CVSS 7.2
    Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete/Complete/Complete
    Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.

45. CVE-2013-3397 | CWE 352 | Type: CSRF | Published 2013-06-26, updated 2013-10-11 | CVSS 6.8
    Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial/Partial/Partial
    Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.

46. CVE-2013-3386 | CWE 399 | Type: DoS | Published 2013-06-27, updated 2018-10-30 | CVSS 7.8
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/None/Complete
    The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.

47. CVE-2013-3385 | CWE 399 | Type: DoS | Published 2013-06-27, updated 2018-10-30 | CVSS 7.8
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/None/Complete
    The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.

48. CVE-2013-3384 | CWE 94 | Type: Exec Code | Published 2013-06-27, updated 2018-10-30 | CVSS 9.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Complete/Complete/Complete
    The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.

49. CVE-2013-3383 | CWE 94 | Type: Exec Code | Published 2013-06-27, updated 2013-06-28 | CVSS 9.0
    Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf./Integ./Avail.: Complete/Complete/Complete
    The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.

50. CVE-2013-3382 | CWE 20 | Type: DoS | Published 2013-06-26, updated 2013-06-27 | CVSS 7.8
    Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: None/None/Complete
    The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
Total number of vulnerabilities: 200 (this is page 1 of 4).