LiveActive security incident?Get immediate response
CVE archive

December 2013

Browse CVE records published in December 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 547 matching CVEs · Page 3 of 11.

Unknown · CVSS Not scored

CVE-2013-6987: Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager...

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

Published Dec 31, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-7043: Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers wi...

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

Published Dec 10, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-6956: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Juno...

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published Dec 13, 2013 · Updated Aug 6, 2024