CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2013-3386 399 DoS 2013-06-27 2018-10-30
7.8
None Remote Low Not required None None Complete
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
102 CVE-2013-3385 399 DoS 2013-06-27 2018-10-30
7.8
None Remote Low Not required None None Complete
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.
103 CVE-2013-3384 94 Exec Code 2013-06-27 2018-10-30
9.0
None Remote Low ??? Complete Complete Complete
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.
104 CVE-2013-3383 94 Exec Code 2013-06-27 2013-06-28
9.0
None Remote Low ??? Complete Complete Complete
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.
105 CVE-2013-3382 20 DoS 2013-06-26 2013-06-27
7.8
None Remote Low Not required None None Complete
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
106 CVE-2013-3381 399 DoS 2013-06-12 2013-06-12
5.0
None Remote Low Not required None None Partial
Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756.
107 CVE-2013-3380 200 +Info 2013-06-12 2018-10-30
4.0
None Remote Low ??? Partial None None
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
108 CVE-2013-3379 264 2013-06-21 2013-06-21
8.3
None Local Network Low Not required Complete Complete Complete
The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root privileges by leveraging connectivity to the management network, aka Bug ID CSCts37781.
109 CVE-2013-3378 20 DoS 2013-06-21 2013-06-21
7.8
None Remote Low Not required None None Complete
Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557.
110 CVE-2013-3377 399 DoS 2013-06-21 2013-06-21
7.8
None Remote Low Not required None None Complete
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
111 CVE-2013-3376 20 2013-06-14 2013-06-14
4.3
None Remote Medium Not required None Partial None
Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490.
112 CVE-2013-3375 79 XSS 2013-06-14 2013-06-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798.
113 CVE-2013-3343 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
114 CVE-2013-3261 79 XSS 2013-06-01 2013-06-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
115 CVE-2013-3250 352 CSRF 2013-06-21 2013-06-24
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.
116 CVE-2013-3142 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139.
117 CVE-2013-3141 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.
118 CVE-2013-3139 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142.
119 CVE-2013-3138 189 DoS Overflow 2013-06-12 2020-09-28
7.1
None Remote Medium Not required None None Complete
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
120 CVE-2013-3136 399 +Info 2013-06-12 2018-10-12
4.4
None Local Medium ??? Complete None None
The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
121 CVE-2013-3126 119 Exec Code Overflow 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability."
122 CVE-2013-3125 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120.
123 CVE-2013-3124 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122.
124 CVE-2013-3123 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.
125 CVE-2013-3122 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124.
126 CVE-2013-3121 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142.
127 CVE-2013-3120 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125.
128 CVE-2013-3119 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114.
129 CVE-2013-3118 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125.
130 CVE-2013-3117 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3122 and CVE-2013-3124.
131 CVE-2013-3116 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
132 CVE-2013-3114 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119.
133 CVE-2013-3113 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.
134 CVE-2013-3112 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.
135 CVE-2013-3111 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
136 CVE-2013-3110 119 DoS Exec Code Overflow Mem. Corr. 2013-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.
137 CVE-2013-3035 20 DoS 2013-06-21 2017-09-19
7.1
None Remote Medium Not required None None Complete
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
138 CVE-2013-3026 119 Exec Code Overflow 2013-06-17 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2.cab in IBM Lotus Quickr 8.1 before FP 8.1.0.32-001a, 8.2 before FP 8.2.0.28-001a, and 8.5.1 before FP 8.5.1.39-002a for Domino allows remote attackers to execute arbitrary code via a crafted web site.
139 CVE-2013-2981 22 Dir. Trav. 2013-06-17 2017-08-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.
140 CVE-2013-2980 352 CSRF 2013-06-17 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access monitored database information.
141 CVE-2013-2970 Exec Code 2013-06-03 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors.
142 CVE-2013-2969 79 XSS 2013-06-19 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
143 CVE-2013-2968 119 DoS Overflow 2013-06-19 2017-08-29
6.3
None Remote Medium ??? None None Complete
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
144 CVE-2013-2961 20 Bypass 2013-06-21 2017-08-29
4.3
None Remote Medium Not required None Partial None
The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
145 CVE-2013-2960 119 DoS Overflow 2013-06-21 2017-08-29
5.0
None Remote Low Not required None None Partial
Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL.
146 CVE-2013-2950 94 Http R.Spl. 2013-06-03 2017-08-29
3.5
None Remote Medium ??? None Partial None
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
147 CVE-2013-2866 264 +Info 2013-06-19 2017-09-19
4.3
None Remote Medium Not required Partial None None
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
148 CVE-2013-2865 DoS 2013-06-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
149 CVE-2013-2864 119 DoS Overflow 2013-06-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors.
150 CVE-2013-2863 119 DoS Exec Code Overflow Mem. Corr. 2013-06-05 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Total number of vulnerabilities : 360   Page : 1 2 3 (This Page)4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.