High · CVSS 7.5
The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.
Published Jun 29, 2013 · Updated Jun 2, 2026
High · CVSS 7.3
dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.
Published Jun 29, 2013 · Updated Jun 2, 2026
High · CVSS 7.8 · CISA KEV
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
Published Jun 12, 2013 · Updated Oct 22, 2025
Critical · CVSS 9.8 · CISA KEV
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Published Jun 18, 2013 · Updated Oct 22, 2025
High · CVSS 8.8 · CISA KEV
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
Published Jun 26, 2013 · Updated Oct 22, 2025
Medium · CVSS 5.6
Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.
Published Jun 26, 2025 · Updated Jun 26, 2025
Medium · CVSS 5
A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671.
Published Jun 5, 2023 · Updated Nov 22, 2024
Unknown · CVSS Not scored
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Published Jun 28, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
Published Jun 29, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.
Published Jun 17, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.
Published Jun 28, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
Published Jun 29, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
Published Jun 26, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.
Published Jun 10, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.
Published Jun 5, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application.
Published Jun 6, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published Jun 10, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.
Published Jun 5, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
Published Jun 21, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.
Published Jun 18, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743.
Published Jun 21, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756.
Published Jun 12, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
Published Jun 12, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone.
Published Jun 20, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.
Published Jun 29, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published Jun 10, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798.
Published Jun 14, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
Published Jun 1, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654.
Published Jun 6, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.
Published Jun 28, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117.
Published Jun 26, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
Published Jun 14, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.
Published Jun 14, 2013 · Updated Sep 17, 2024
High · CVSS 8.8
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.
Published Jun 8, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485.
Published Jun 6, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
Published Jun 28, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window.
Published Jun 3, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
Published Jun 25, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
Published Jun 28, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
Published Jun 6, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557.
Published Jun 21, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.
Published Jun 10, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
Published Jun 14, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 include a test Certification Authority (CA) certificate in the Trusted Server CAs list, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging control over that test CA.
Published Jun 13, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634.
Published Jun 6, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document.
Published Jun 18, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history.
Published Jun 28, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.
Published Jun 29, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.
Published Jun 21, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652.
Published Jun 6, 2013 · Updated Sep 17, 2024