CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2013

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
201 CVE-2013-3445 264 DoS 2013-07-29 2017-11-29
5.0
None Remote Low Not required None None Partial
The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572.
202 CVE-2013-3441 119 DoS Overflow Mem. Corr. 2013-07-23 2017-11-18
5.4
None Remote High Not required None None Complete
Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210.
203 CVE-2013-3440 79 XSS 2013-07-23 2017-11-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
204 CVE-2013-3439 79 XSS 2013-07-23 2017-11-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
205 CVE-2013-3438 264 Bypass 2013-07-24 2016-09-16
5.0
None Remote Low Not required Partial None None
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
206 CVE-2013-3437 89 Exec Code Sql 2013-07-23 2016-09-16
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
207 CVE-2013-3436 264 Bypass 2013-07-19 2017-11-29
5.0
None Remote Low Not required Partial None None
The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698.
208 CVE-2013-3435 399 DoS 2013-07-23 2016-09-16
5.0
None Remote Low Not required None None Partial
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052.
209 CVE-2013-3434 +Priv 2013-07-18 2017-11-18
6.8
None Local Low ??? Complete Complete Complete
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
210 CVE-2013-3433 +Priv 2013-07-18 2017-11-18
6.8
None Local Low ??? Complete Complete Complete
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
211 CVE-2013-3431 287 +Info 2013-07-25 2017-08-29
7.8
None Remote Low Not required Complete None None
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
212 CVE-2013-3430 287 +Info 2013-07-25 2017-08-29
9.0
None Remote Low Not required Complete Partial Partial
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.
213 CVE-2013-3429 22 Dir. Trav. 2013-07-25 2017-08-29
7.8
None Remote Low Not required Complete None None
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
214 CVE-2013-3428 200 +Info 2013-07-15 2013-07-16
4.0
None Remote Low ??? Partial None None
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.
215 CVE-2013-3426 264 2013-07-18 2013-07-18
5.0
None Remote Low Not required Partial None None
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.
216 CVE-2013-3425 264 2013-07-31 2017-08-29
4.0
None Remote Low ??? Partial None None
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
217 CVE-2013-3424 352 CSRF 2013-07-12 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177.
218 CVE-2013-3423 79 XSS 2013-07-12 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.
219 CVE-2013-3422 79 XSS 2013-07-12 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165.
220 CVE-2013-3421 79 XSS 2013-07-12 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170.
221 CVE-2013-3420 352 CSRF 2013-07-18 2013-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
222 CVE-2013-3419 79 XSS 2013-07-11 2013-07-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981.
223 CVE-2013-3418 399 DoS 2013-07-11 2013-07-25
6.8
None Remote Low ??? None None Complete
Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922.
224 CVE-2013-3416 79 XSS 2013-07-10 2013-08-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.
225 CVE-2013-3414 79 XSS 2013-07-25 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
226 CVE-2013-3413 79 XSS 2013-07-04 2013-07-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
227 CVE-2013-3412 89 Exec Code Sql 2013-07-18 2013-08-20
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
228 CVE-2013-3411 DoS 2013-07-18 2013-08-20
7.8
None Remote Low Not required None None Complete
The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460.
229 CVE-2013-3410 119 DoS Overflow 2013-07-18 2013-08-20
7.8
None Remote Low Not required None None Complete
Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977.
230 CVE-2013-3408 264 +Priv 2013-07-10 2013-08-20
6.8
None Local Low ??? Complete Complete Complete
The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764.
231 CVE-2013-3405 264 Bypass 2013-07-10 2013-10-11
4.3
None Remote Medium Not required None Partial None
The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071.
232 CVE-2013-3404 89 Exec Code Sql 2013-07-18 2013-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
233 CVE-2013-3403 +Priv 2013-07-18 2013-08-20
6.8
None Local Low ??? Complete Complete Complete
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
234 CVE-2013-3402 94 Exec Code 2013-07-18 2013-08-20
6.5
None Remote Low ??? Partial Partial Partial
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
235 CVE-2013-3401 2013-07-02 2013-07-02
4.3
None Remote Medium Not required None Partial None
The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080.
236 CVE-2013-3400 20 Exec Code 2013-07-10 2013-08-20
6.8
None Local Low ??? Complete Complete Complete
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.
237 CVE-2013-3399 119 Exec Code Overflow 2013-07-02 2013-07-23
6.6
None Local Medium ??? Complete Complete Complete
Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vectors that leverage incorrect memory allocation, aka Bug IDs CSCuf93957, CSCug22352, and CSCug22462.
238 CVE-2013-3395 352 CSRF 2013-07-02 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.
239 CVE-2013-3350 2013-07-10 2020-09-04
10.0
None Remote Low Not required Complete Complete Complete
Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.
240 CVE-2013-3349 DoS 2013-07-10 2014-01-28
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors.
241 CVE-2013-3348 119 DoS Exec Code Overflow Mem. Corr. 2013-07-10 2013-08-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
242 CVE-2013-3347 189 Exec Code Overflow 2013-07-10 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.
243 CVE-2013-3345 119 DoS Exec Code Overflow Mem. Corr. 2013-07-10 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
244 CVE-2013-3344 119 Exec Code Overflow 2013-07-10 2015-10-23
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.
245 CVE-2013-3300 119 Overflow +Info 2013-07-29 2013-07-29
4.0
None Remote Low ??? Partial None None
The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.
246 CVE-2013-3299 20 DoS 2013-07-06 2013-07-08
4.3
None Remote Medium Not required None None Partial
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
247 CVE-2013-3275 20 XSS +Info 2013-07-19 2013-07-29
4.3
None Remote Medium Not required None Partial None
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
248 CVE-2013-3274 264 Exec Code 2013-07-19 2013-07-29
9.0
None Remote Low ??? Complete Complete Complete
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
249 CVE-2013-3273 255 +Info 2013-07-08 2020-03-27
2.1
None Local Low Not required Partial None None
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
250 CVE-2013-3272 255 +Info 2013-07-08 2013-10-11
2.1
None Local Low Not required Partial None None
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack.
Total number of vulnerabilities: 470 (page 5 of 10)