CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7001 CVE-2013-4235 367 2019-12-03 2021-02-25
3.3
None Local Medium Not required None Partial Partial
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
7002 CVE-2013-4199 20 DoS 2014-03-11 2014-03-12
3.5
None Remote Medium ??? None None Partial
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
7003 CVE-2013-4184 59 2019-12-10 2019-12-17
3.6
None Local Low Not required None Partial Partial
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
7004 CVE-2013-4157 59 2013-10-04 2013-10-07
3.6
None Local Low Not required None Partial Partial
Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.
7005 CVE-2013-4116 59 2014-04-22 2020-10-14
3.3
None Local Medium Not required None Partial Partial
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
7006 CVE-2013-4055 79 XSS 2013-11-08 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.
7007 CVE-2013-4051 79 XSS 2013-11-08 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.
7008 CVE-2013-4048 79 XSS 2013-09-16 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to a page.
7009 CVE-2013-4036 79 XSS 2013-11-27 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP7 and 11.0 before FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7010 CVE-2013-4022 255 Bypass 2013-09-25 2017-08-29
3.5
None Remote Medium ??? Partial None None
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors.
7011 CVE-2013-4019 79 XSS 2013-10-01 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7012 CVE-2013-4007 79 XSS 2013-08-16 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
7013 CVE-2013-4005 79 XSS 2013-08-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
7014 CVE-2013-4004 79 XSS 2013-08-21 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7015 CVE-2013-4003 79 XSS 2013-08-29 2017-08-29
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp.
7016 CVE-2013-3998 94 Http R.Spl. 2014-03-26 2017-08-29
3.5
None Remote Medium ??? None Partial None
CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
7017 CVE-2013-3995 79 XSS 2013-08-06 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7018 CVE-2013-3993 264 Bypass 2014-07-07 2017-08-29
3.5
None Remote Medium ??? Partial None None
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.
7019 CVE-2013-3989 310 +Info 2013-10-25 2017-08-29
3.5
None Remote Medium ??? Partial None None
IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
7020 CVE-2013-3979 79 XSS 2013-07-25 2017-08-29
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7021 CVE-2013-3943 79 XSS 2014-03-12 2014-03-13
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
7022 CVE-2013-3931 79 XSS 2020-01-02 2020-01-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details.
7023 CVE-2013-3920 79 XSS 2013-11-27 2013-11-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.
7024 CVE-2013-3880 264 Bypass +Info 2013-10-09 2018-10-12
3.5
None Remote Medium ??? Partial None None
The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."
7025 CVE-2013-3836 2013-10-16 2013-10-24
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching.
7026 CVE-2013-3812 2013-07-17 2019-12-17
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
7027 CVE-2013-3811 2013-07-17 2017-08-29
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
7028 CVE-2013-3810 2013-07-17 2017-08-29
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
7029 CVE-2013-3803 2013-07-17 2019-06-11
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.
7030 CVE-2013-3792 2013-10-16 2013-10-16
3.8
None Local High ??? None None Complete
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.
7031 CVE-2013-3749 2013-07-17 2017-08-29
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to storage of credentials in the (1) FND_LOG_MESSAGES database table or (2) log files by "native login pages."
7032 CVE-2013-3742 79 XSS 2013-07-04 2013-09-07
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
7033 CVE-2013-3728 79 XSS 2014-03-13 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.
7034 CVE-2013-3720 79 XSS 2013-05-31 2013-08-27
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
7035 CVE-2013-3659 287 +Info 2013-08-09 2017-08-29
3.3
None Local Network Low Not required Partial None None
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area.
7036 CVE-2013-3637 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
ProjectPier 0.8.8 does not use the Secure flag for cookies
7037 CVE-2013-3636 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag
7038 CVE-2013-3635 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
ProjectPier 0.8.8 has stored XSS
7039 CVE-2013-3617 264 2013-11-02 2013-11-21
3.5
None Remote Medium ??? Partial None None
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
7040 CVE-2013-3517 79 XSS 2019-11-13 2019-11-15
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.
7041 CVE-2013-3503 264 2013-05-08 2013-05-08
3.5
None Remote Medium ??? Partial None None
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
7042 CVE-2013-3368 59 2013-08-23 2013-08-26
3.3
None Local Medium Not required None Partial Partial
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
7043 CVE-2013-3285 310 2013-11-02 2013-11-15
3.5
None Remote Medium ??? Partial None None
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.
7044 CVE-2013-3069 79 XSS 2014-04-25 2014-04-25
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
7045 CVE-2013-3067 79 XSS 2020-02-07 2020-02-10
3.5
None Remote Medium ??? None Partial None
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS.
7046 CVE-2013-3065 79 XSS 2014-09-29 2014-09-30
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.
7047 CVE-2013-3048 79 XSS 2013-10-01 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7048 CVE-2013-3045 20 2013-11-09 2017-08-29
3.5
None Remote Medium ??? None Partial None
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function.
7049 CVE-2013-3044 264 2013-11-09 2017-08-29
3.5
None Remote Medium ??? None Partial None
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges.
7050 CVE-2013-3034 79 XSS 2013-08-16 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the web console.