LiveActive security incident?Get immediate response
CVE archive

March 2013

Browse CVE records published in March 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 550 matching CVEs · Page 1 of 11.

Medium · CVSS 5.5

CVE-2013-0266: Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files.

A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.

Published Mar 8, 2013 · Updated Apr 30, 2026

High · CVSS 8.8

CVE-2013-0261: Packstack: packstack: arbitrary file overwrite via symlink attack

A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption.

Published Mar 8, 2013 · Updated Apr 30, 2026

Medium · CVSS 6.9

CVE-2013-20005: Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 8.7

CVE-2013-20006: Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 8.8 · CISA KEV

CVE-2013-2551: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute...

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

Published Mar 11, 2013 · Updated Oct 22, 2025

Unknown · CVSS Not scored

CVE-2013-0126: Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424...

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.

Published Mar 21, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-0717: Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC A...

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.

Published Mar 19, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-2279: CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePo...

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

Published Mar 21, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-1423: (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-sp...

(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.

Published Mar 12, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-2717: Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network...

Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other third-party components.

Published Mar 28, 2013 · Updated Sep 17, 2024