LiveActive security incident?Get immediate response
CVE archive

May 2013

Browse CVE records published in May 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 500 matching CVEs · Page 2 of 10.

Unknown · CVSS Not scored

CVE-2013-3056: Joomla!

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.

Published May 3, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-3496: Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Pe...

Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

Published May 22, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-0582: Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0...

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.

Published May 2, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-1210: Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the...

Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825.

Published May 29, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1213: Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Eth...

Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840.

Published May 29, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-7385: LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript cod...

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.

Published May 19, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1209: The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) commun...

The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710.

Published May 29, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-3057: Joomla!

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.

Published May 3, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1225: Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbit...

Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.

Published May 9, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-0686: Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attacke...

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published May 9, 2013 · Updated Sep 16, 2024