CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2013

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2013-0910 287 Bypass 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access restrictions via vectors involving a blocked plug-in.
202 CVE-2013-0909 200 XSS +Info 2013-03-05 2017-09-19
5.0
None Remote Low Not required Partial None None
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
203 CVE-2013-0908 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.
204 CVE-2013-0907 362 DoS 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.
205 CVE-2013-0906 119 DoS Overflow Mem. Corr. 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
206 CVE-2013-0905 399 DoS 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.
207 CVE-2013-0904 119 DoS Overflow Mem. Corr. 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
208 CVE-2013-0903 399 DoS 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.
209 CVE-2013-0902 399 DoS 2013-03-05 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
210 CVE-2013-0809 Exec Code 2013-03-05 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
211 CVE-2013-0787 399 Exec Code 2013-03-11 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
212 CVE-2013-0731 264 XSS 2013-03-22 2017-08-29
5.0
None Remote Low Not required None Partial None
ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2.
213 CVE-2013-0720 264 +Info 2013-03-27 2013-03-28
5.0
None Remote Low Not required Partial None None
The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
214 CVE-2013-0719 264 +Info 2013-03-27 2013-03-28
5.0
None Remote Low Not required Partial None None
The ArtIME Japanese Input application 1.1.2 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
215 CVE-2013-0718 264 +Info 2013-03-27 2013-04-05
5.0
None Remote Low Not required Partial None None
The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
216 CVE-2013-0717 352 CSRF 2013-03-19 2013-03-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
217 CVE-2013-0716 20 DoS 2013-03-20 2013-05-21
5.0
None Remote Low Not required None None Partial
The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.
218 CVE-2013-0715 20 DoS 2013-03-20 2013-05-21
4.0
None Remote Low ??? None None Partial
The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.
219 CVE-2013-0714 20 DoS Exec Code 2013-03-20 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.
220 CVE-2013-0713 20 DoS 2013-03-20 2013-05-21
6.8
None Remote Low ??? None None Complete
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.
221 CVE-2013-0712 20 DoS 2013-03-20 2013-03-21
6.8
None Remote Low ??? None None Complete
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.
222 CVE-2013-0711 20 DoS 2013-03-20 2013-05-21
7.8
None Remote Low Not required None None Complete
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.
223 CVE-2013-0710 119 Exec Code Overflow 2013-03-05 2013-03-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document.
224 CVE-2013-0709 79 XSS 2013-03-01 2013-03-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.
225 CVE-2013-0708 79 XSS 2013-03-01 2013-03-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.
226 CVE-2013-0707 Exec Code 2013-03-01 2013-03-01
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file.
227 CVE-2013-0679 22 Dir. Trav. 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
228 CVE-2013-0678 255 +Info 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.
229 CVE-2013-0677 200 DoS +Info 2013-03-21 2013-03-22
5.8
None Remote Medium Not required Partial None Partial
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.
230 CVE-2013-0676 264 +Info 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
231 CVE-2013-0675 119 DoS Overflow 2013-03-21 2013-03-22
6.1
None Local Network Low Not required None None Complete
Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.
232 CVE-2013-0674 119 Exec Code Overflow 2013-03-21 2013-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.
233 CVE-2013-0672 79 XSS 2013-03-21 2013-03-22
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
234 CVE-2013-0671 22 Dir. Trav. 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.
235 CVE-2013-0670 20 Http R.Spl. 2013-03-21 2013-03-22
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
236 CVE-2013-0669 20 DoS 2013-03-21 2013-03-22
4.0
None Remote Low ??? None None Partial
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.
237 CVE-2013-0668 79 XSS 2013-03-21 2013-03-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
238 CVE-2013-0667 79 XSS 2013-03-21 2013-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
239 CVE-2013-0665 264 +Priv 2013-03-21 2013-03-21
6.2
None Local High Not required Complete Complete Complete
Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations.
240 CVE-2013-0650 399 Exec Code 2013-03-13 2014-03-26
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
241 CVE-2013-0646 189 Exec Code Overflow 2013-03-13 2014-03-26
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
242 CVE-2013-0532 352 DoS CSRF 2013-03-29 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data.
243 CVE-2013-0525 79 XSS 2013-03-26 2017-08-29
1.5
None Local Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX.
244 CVE-2013-0513 +Priv 2013-03-29 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.
245 CVE-2013-0512 119 DoS Overflow 2013-03-29 2017-08-29
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page.
246 CVE-2013-0511 89 Exec Code Sql 2013-03-29 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
247 CVE-2013-0510 264 2013-03-29 2017-08-29
4.3
None Remote Medium Not required Partial None None
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies.
248 CVE-2013-0506 79 XSS 2013-03-19 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
249 CVE-2013-0505 200 +Info 2013-03-19 2017-08-29
5.5
None Remote Low ??? Partial Partial None
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
250 CVE-2013-0489 352 CSRF 2013-03-27 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.
Total number of vulnerabilities: 430 (page 5 of 9)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.