LiveActive security incident?Get immediate response
CVE archive

March 2013

Browse CVE records published in March 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 550 matching CVEs · Page 3 of 11.

Unknown · CVSS Not scored

CVE-2013-1050: The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fall...

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.

Published Mar 8, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-0936: Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts...

Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smarts MPLS Manager before 9.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published Mar 28, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-0206: Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x...

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Published Mar 19, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-2493: The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before...

The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote attackers to cause a denial of service (application crash) via an _blank value for the target attribute of an A element.

Published Mar 7, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-2264: The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before...

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.

Published Mar 29, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-2293: The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from di...

The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain.

Published Mar 12, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1147: The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-...

The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka Bug ID CSCtz35999.

Published Mar 28, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1079: Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISPro...

Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.

Published Mar 29, 2013 · Updated Sep 16, 2024