CVE List - 2013 / September
Showing 301 - 400 of 454 CVEs for September 2013 (Page 4 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2013-5154 | 2013-09-19 | The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers... |
| CVE-2013-5155 | 2013-09-19 | The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. |
| CVE-2013-5156 | 2013-09-19 | The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a... |
| CVE-2013-5157 | 2013-09-19 | The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that... |
| CVE-2013-5158 | 2013-09-19 | The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent... |
| CVE-2013-5159 | 2013-09-19 | WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. |
| CVE-2013-5497 | 2013-09-19 | The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service... |
| CVE-2013-1121 | 2013-09-19 | The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device... |
| CVE-2013-4068 | 2013-09-20 | Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8. |
| CVE-2013-4706 | 2013-09-20 | The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. |
| CVE-2013-4707 | 2013-09-20 | The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. |
| CVE-2013-4709 | 2013-09-20 | Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware before 2.82, SEIL/X1 with firmware before 4.32, SEIL/X2 with firmware before 4.32, SEIL/B1 with firmware before 4.32,... |
| CVE-2010-5290 | 2013-09-20 | The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to... |
| CVE-2012-4072 | 2013-09-20 | The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by... |
| CVE-2012-4073 | 2013-09-20 | The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or... |
| CVE-2012-4074 | 2013-09-20 | The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain... |
| CVE-2012-4083 | 2013-09-20 | Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via... |
| CVE-2012-4093 | 2013-09-20 | The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. |
| CVE-2013-5500 | 2013-09-20 | Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs... |
| CVE-2013-5501 | 2013-09-20 | Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. |
| CVE-2013-1130 | 2013-09-20 | Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug... |
| CVE-2012-4081 | 2013-09-20 | MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID... |
| CVE-2012-4082 | 2013-09-20 | MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug... |
| CVE-2013-3473 | 2013-09-20 | The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to... |
| CVE-2013-0596 | 2013-09-20 | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-4052 | 2013-09-20 | Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote... |
| CVE-2013-4053 | 2013-09-20 | The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1... |
| CVE-2013-4815 | 2013-09-20 | Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-5696 | 2013-09-23 | inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1)... |
| CVE-2013-4325 | 2013-09-23 | The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to... |
| CVE-2013-4817 | 2013-09-23 | Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2013-4818 | 2013-09-23 | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows... |
| CVE-2013-4819 | 2013-09-23 | Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. |
| CVE-2013-4820 | 2013-09-23 | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO... |
| CVE-2013-5486 | 2013-09-23 | Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka... |
| CVE-2013-5490 | 2013-09-23 | Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related... |
| CVE-2013-5502 | 2013-09-23 | The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka... |
| CVE-2013-5691 | 2013-09-23 | The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users... |
| CVE-2013-4814 | 2013-09-23 | Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-4821 | 2013-09-23 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. |
| CVE-2013-5487 | 2013-09-23 | DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. |
| CVE-2013-5917 | 2013-09-23 | SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. |
| CVE-2013-5918 | 2013-09-23 | Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2012-5338 | 2013-09-23 | Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin... |
| CVE-2013-1431 | 2013-09-23 | The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers... |
| CVE-2013-1443 | 2013-09-23 | The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via... |
| CVE-2013-2217 | 2013-09-23 | cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache... |
| CVE-2013-4294 | 2013-09-23 | The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens,... |
| CVE-2013-5710 | 2013-09-23 | The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance... |
| CVE-2013-5930 | 2013-09-23 | Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter. |
| CVE-2013-5932 | 2013-09-23 | Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors. |
| CVE-2012-2624 | 2013-09-23 | Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet. |
| CVE-2013-5119 | 2013-09-23 | Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. |
| CVE-2013-5666 | 2013-09-23 | The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via... |
| CVE-2013-5931 | 2013-09-23 | SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. |
| CVE-2012-4078 | 2013-09-24 | The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via... |
| CVE-2012-4085 | 2013-09-24 | The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses,... |
| CVE-2012-4087 | 2013-09-24 | A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. |
| CVE-2012-4089 | 2013-09-24 | MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3)... |
| CVE-2012-4094 | 2013-09-24 | Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and... |
| CVE-2013-5221 | 2013-09-24 | The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. |
| CVE-2013-3589 | 2013-09-24 | Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows... |
| CVE-2013-3616 | 2013-09-24 | Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2013-5911 | 2013-09-24 | Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2012-4086 | 2013-09-25 | A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. |
| CVE-2013-1060 | 2013-09-25 | A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to... |
| CVE-2013-2140 | 2013-09-25 | The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem... |
| CVE-2013-4022 | 2013-09-25 | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information... |
| CVE-2013-4024 | 2013-09-25 | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to... |
| CVE-2013-4025 | 2013-09-25 | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an... |
| CVE-2013-4300 | 2013-09-25 | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. |
| CVE-2013-4343 | 2013-09-25 | Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a... |
| CVE-2013-4350 | 2013-09-25 | The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows... |
| CVE-2013-5373 | 2013-09-25 | The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands. |
| CVE-2013-5634 | 2013-09-25 | arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and... |
| CVE-2013-4777 | 2013-09-25 | A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local... |
| CVE-2013-5118 | 2013-09-25 | Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message. |
| CVE-2013-5200 | 2013-09-25 | The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers... |
| CVE-2013-5750 | 2013-09-25 | The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an... |
| CVE-2013-5933 | 2013-09-25 | Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain... |
| CVE-2013-5934 | 2013-09-25 | Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in... |
| CVE-2013-5935 | 2013-09-25 | The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes... |
| CVE-2013-5936 | 2013-09-25 | The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user... |
| CVE-2013-5586 | 2013-09-25 | Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/. |
| CVE-2013-5937 | 2013-09-25 | Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors... |
| CVE-2013-5938 | 2013-09-25 | Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. |
| CVE-2012-4079 | 2013-09-26 | The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed... |
| CVE-2012-4088 | 2013-09-26 | The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files... |
| CVE-2012-4092 | 2013-09-26 | The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or... |
| CVE-2013-4626 | 2013-09-26 | Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php. |
| CVE-2013-5093 | 2013-09-27 | The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized... |
| CVE-2013-5472 | 2013-09-27 | The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP... |
| CVE-2013-5473 | 2013-09-27 | Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory... |
| CVE-2013-5474 | 2013-09-27 | Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device... |
| CVE-2013-5475 | 2013-09-27 | Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets... |
| CVE-2013-5476 | 2013-09-27 | The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device... |
| CVE-2013-5477 | 2013-09-27 | The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge)... |
| CVE-2013-5478 | 2013-09-27 | Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted... |
| CVE-2013-5479 | 2013-09-27 | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4... |
| CVE-2013-5480 | 2013-09-27 | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4... |