CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2013-6963 79 XSS 2013-12-14 2017-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.
102 CVE-2013-6962 79 XSS 2013-12-14 2017-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.
103 CVE-2013-6961 79 XSS 2013-12-14 2017-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.
104 CVE-2013-6960 79 XSS 2013-12-14 2017-11-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.
105 CVE-2013-6959 20 2013-12-14 2017-11-29
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557.
106 CVE-2013-6958 DoS 2013-12-13 2014-01-04
7.1
None Remote Medium Not required None None Complete
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
107 CVE-2013-6957 79 XSS 2013-12-13 2014-01-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server.
108 CVE-2013-6956 79 XSS 2013-12-13 2014-01-04
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
109 CVE-2013-6945 264 Bypass 2013-12-04 2014-02-25
7.5
None Remote Low Not required Partial Partial Partial
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
110 CVE-2013-6937 119 1 Exec Code Overflow 2013-12-04 2014-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
111 CVE-2013-6936 89 1 Exec Code Sql 2013-12-04 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
112 CVE-2013-6935 119 1 Exec Code Overflow 2013-12-04 2016-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
113 CVE-2013-6932 119 Exec Code Overflow 2013-12-28 2013-12-30
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.
114 CVE-2013-6929 89 Exec Code Sql 2013-12-28 2013-12-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
115 CVE-2013-6926 264 Bypass 2013-12-17 2013-12-17
8.0
None Remote Low ??? Partial Partial Complete
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.
116 CVE-2013-6925 2013-12-17 2013-12-17
8.3
None Remote Medium Not required Partial Partial Complete
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
117 CVE-2013-6920 287 Bypass 2013-12-07 2020-02-10
10.0
None Remote Low Not required Complete Complete Complete
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
118 CVE-2013-6916 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
119 CVE-2013-6915 79 XSS 2013-12-05 2013-12-31
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
120 CVE-2013-6914 79 XSS 2013-12-05 2013-12-31
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
121 CVE-2013-6913 79 XSS 2013-12-05 2021-07-23
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
122 CVE-2013-6912 79 XSS 2013-12-05 2013-12-13
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
123 CVE-2013-6911 79 XSS 2013-12-05 2021-07-23
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
124 CVE-2013-6910 79 XSS 2013-12-05 2013-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
125 CVE-2013-6909 79 XSS 2013-12-05 2013-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
126 CVE-2013-6908 79 XSS 2013-12-05 2013-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
127 CVE-2013-6907 79 XSS 2013-12-05 2013-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
128 CVE-2013-6906 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
129 CVE-2013-6905 79 XSS 2013-12-05 2021-07-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
130 CVE-2013-6904 79 XSS 2013-12-05 2021-07-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
131 CVE-2013-6903 79 XSS 2013-12-05 2021-07-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
132 CVE-2013-6902 79 XSS 2013-12-05 2014-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
133 CVE-2013-6901 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
134 CVE-2013-6900 79 XSS 2013-12-05 2014-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
135 CVE-2013-6890 287 DoS 2013-12-23 2013-12-24
5.0
None Remote Low Not required None None Partial
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
136 CVE-2013-6886 264 +Priv 2013-12-28 2013-12-30
7.2
None Local Low Not required Complete Complete Complete
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.
137 CVE-2013-6883 352 1 CSRF 2013-12-17 2014-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.
138 CVE-2013-6882 79 1 XSS 2013-12-17 2014-01-14
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields.
139 CVE-2013-6877 119 Exec Code Overflow 2013-12-19 2016-12-31
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.
140 CVE-2013-6840 264 +Priv 2013-12-10 2013-12-12
6.9
None Local Medium Not required Complete Complete Complete
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.
141 CVE-2013-6839 89 Exec Code Sql 2013-12-13 2013-12-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
142 CVE-2013-6837 79 XSS 2013-12-19 2017-10-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
143 CVE-2013-6836 119 DoS Overflow 2013-12-19 2016-12-31
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.
144 CVE-2013-6824 94 Exec Code 2013-12-19 2014-03-06
7.5
None Remote Low Not required Partial Partial Partial
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
145 CVE-2013-6812 310 +Info 2013-12-28 2014-02-27
5.8
None Remote Medium Not required Partial Partial None
The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
146 CVE-2013-6810 94 Exec Code 2013-12-12 2017-09-16
10.0
None Remote Low Not required Complete Complete Complete
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
147 CVE-2013-6809 134 DoS Exec Code 2013-12-13 2017-08-29
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.
148 CVE-2013-6808 79 XSS 2013-12-28 2013-12-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
149 CVE-2013-6804 79 XSS 2013-12-05 2013-12-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4.
150 CVE-2013-6795 94 Exec Code 2013-12-24 2013-12-26
9.3
None Remote Medium Not required Complete Complete Complete
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary.
Total number of vulnerabilities : 484   Page : 1 2 3 (This Page)4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.