CVE List - 2013 / November
Showing 101 - 200 of 394 CVEs for November 2013 (Page 2 of 4)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2013-3044 | 2013-11-09 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance... |
| CVE-2013-3045 | 2013-11-09 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. |
| CVE-2013-3985 | 2013-11-09 | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting... |
| CVE-2013-2239 | 2013-11-12 | vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory... |
| CVE-2013-4511 | 2013-11-12 | Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and... |
| CVE-2013-4512 | 2013-11-12 | Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by... |
| CVE-2013-4513 | 2013-11-12 | Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via... |
| CVE-2013-4514 | 2013-11-12 | Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN... |
| CVE-2013-4515 | 2013-11-12 | The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via... |
| CVE-2013-4516 | 2013-11-12 | The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory... |
| CVE-2013-6763 | 2013-11-12 | The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service... |
| CVE-2013-3918 | 2013-11-12 | The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7... |
| CVE-2013-4740 | 2013-11-12 | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space... |
| CVE-2013-6122 | 2013-11-12 | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly... |
| CVE-2013-5726 | 2013-11-12 | Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user... |
| CVE-2013-0082 | 2013-11-13 | Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability." |
| CVE-2013-1324 | 2013-11-13 | Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document... |
| CVE-2013-1325 | 2013-11-13 | Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability." |
| CVE-2013-3869 | 2013-11-13 | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012... |
| CVE-2013-3887 | 2013-11-13 | The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,... |
| CVE-2013-3898 | 2013-11-13 | Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances,... |
| CVE-2013-3905 | 2013-11-13 | Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration... |
| CVE-2013-3908 | 2013-11-13 | Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that... |
| CVE-2013-3909 | 2013-11-13 | Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences,... |
| CVE-2013-3910 | 2013-11-13 | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2013-3911 | 2013-11-13 | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2013-3912 | 2013-11-13 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2013-3914 | 2013-11-13 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2013-3915 | 2013-11-13 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2013-3916 | 2013-11-13 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2013-3917 | 2013-11-13 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2013-3940 | 2013-11-13 | Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows... |
| CVE-2013-2653 | 2013-11-13 | security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim. |
| CVE-2013-6789 | 2013-11-13 | security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the... |
| CVE-2013-5326 | 2013-11-13 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available,... |
| CVE-2013-5329 | 2013-11-13 | Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before... |
| CVE-2013-5330 | 2013-11-13 | Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before... |
| CVE-2013-5328 | 2013-11-13 | Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2013-2931 | 2013-11-13 | Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. |
| CVE-2013-4475 | 2013-11-13 | Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL... |
| CVE-2013-4476 | 2013-11-13 | Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive... |
| CVE-2013-5378 | 2013-11-13 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration. |
| CVE-2013-5379 | 2013-11-13 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging... |
| CVE-2013-5442 | 2013-11-13 | Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote... |
| CVE-2013-5450 | 2013-11-13 | IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain... |
| CVE-2013-5453 | 2013-11-13 | IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. |
| CVE-2013-6621 | 2013-11-13 | Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in... |
| CVE-2013-6622 | 2013-11-13 | Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified... |
| CVE-2013-6623 | 2013-11-13 | The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order,... |
| CVE-2013-6624 | 2013-11-13 | Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id... |
| CVE-2013-6625 | 2013-11-13 | Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging... |
| CVE-2013-6626 | 2013-11-13 | The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spoof the address bar via... |
| CVE-2013-6627 | 2013-11-13 | net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via... |
| CVE-2013-6628 | 2013-11-13 | net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might... |
| CVE-2013-6780 | 2013-11-13 | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. |
| CVE-2013-5552 | 2013-11-13 | Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via... |
| CVE-2013-5560 | 2013-11-13 | The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to... |
| CVE-2013-5568 | 2013-11-13 | The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug... |
| CVE-2013-5990 | 2013-11-13 | Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ichitaro... |
| CVE-2013-6357 | 2013-11-13 | Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment... |
| CVE-2013-6682 | 2013-11-13 | The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database... |
| CVE-2013-6683 | 2013-11-13 | The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed... |
| CVE-2013-6684 | 2013-11-13 | The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted... |
| CVE-2013-6685 | 2013-11-13 | The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with... |
| CVE-2013-6058 | 2013-11-14 | SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. |
| CVE-2013-6163 | 2013-11-14 | Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2)... |
| CVE-2013-6164 | 2013-11-14 | SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter. |
| CVE-2013-6168 | 2013-11-14 | Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php. |
| CVE-2013-6226 | 2013-11-14 | Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors. |
| CVE-2013-6793 | 2013-11-14 | Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or... |
| CVE-2013-6794 | 2013-11-14 | Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance... |
| CVE-2013-2031 | 2013-11-15 | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG... |
| CVE-2013-2032 | 2013-11-15 | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions... |
| CVE-2013-2061 | 2013-11-15 | The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison... |
| CVE-2013-4204 | 2013-11-15 | Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML... |
| CVE-2013-4425 | 2013-11-15 | The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to... |
| CVE-2013-4480 | 2013-11-15 | Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator... |
| CVE-2013-4551 | 2013-11-15 | Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause... |
| CVE-2013-4555 | 2013-11-15 | Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors. |
| CVE-2013-4556 | 2013-11-15 | Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site... |
| CVE-2013-4557 | 2013-11-15 | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. |
| CVE-2013-1057 | 2013-11-15 | Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory. |
| CVE-2013-2114 | 2013-11-15 | Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with... |
| CVE-2013-4510 | 2013-11-15 | Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a... |
| CVE-2013-4519 | 2013-11-15 | Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field... |
| CVE-2013-6042 | 2013-11-15 | Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2013-6629 | 2013-11-15 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain... |
| CVE-2013-6630 | 2013-11-15 | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array... |
| CVE-2013-6631 | 2013-11-15 | Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of... |
| CVE-2013-5223 | 2013-11-15 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username... |
| CVE-2013-0741 | 2013-11-15 | Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter. |
| CVE-2013-2271 | 2013-11-15 | The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi. |
| CVE-2013-6797 | 2013-11-15 | Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that... |
| CVE-2013-1418 | 2013-11-16 | The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a... |
| CVE-2013-3030 | 2013-11-16 | The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers... |
| CVE-2013-4034 | 2013-11-16 | IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary... |
| CVE-2013-5425 | 2013-11-16 | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or... |
| CVE-2013-5454 | 2013-11-16 | IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files... |
| CVE-2013-3406 | 2013-11-16 | The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted... |
| CVE-2013-3407 | 2013-11-16 | The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct... |