CVE-2013-4660

Public exploit
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
Max CVSS
6.8
EPSS Score
93.32%
Published
2013-06-28
Updated
2013-07-01

CVE-2013-4615

Public exploit
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
Max CVSS
5.0
EPSS Score
69.69%
Published
2013-06-21
Updated
2013-06-24

CVE-2013-4614

Public exploit
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.
Max CVSS
2.1
EPSS Score
0.50%
Published
2013-06-21
Updated
2013-06-24

CVE-2013-4074

Public exploit
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Max CVSS
5.0
EPSS Score
6.09%
Published
2013-06-09
Updated
2018-10-30

CVE-2013-3576

Public exploit
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
Max CVSS
9.0
EPSS Score
44.83%
Published
2013-06-14
Updated
2014-01-08

CVE-2013-3520

Public exploit
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
93.13%
Published
2013-06-17
Updated
2013-06-18

CVE-2013-2465

Known exploited
Public exploit
Used for ransomware
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
Max CVSS
10.0
EPSS Score
82.82%
Published
2013-06-18
Updated
2022-05-13
CISA KEV Added
2022-03-28

CVE-2013-2460

Public exploit
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.
Max CVSS
9.3
EPSS Score
96.85%
Published
2013-06-18
Updated
2017-09-19

CVE-2013-2333

Public exploit
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
Max CVSS
10.0
EPSS Score
94.48%
Published
2013-06-06
Updated
2019-10-09

CVE-2013-1690

Known exploited
Public exploit
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
Max CVSS
9.3
EPSS Score
6.40%
Published
2013-06-26
Updated
2017-09-19
CISA KEV Added
2022-03-28

CVE-2013-0136

Public exploit
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
Max CVSS
8.5
EPSS Score
10.85%
Published
2013-06-01
Updated
2013-06-03
The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.
Max CVSS
10.0
EPSS Score
0.60%
Published
2013-06-30
Updated
2013-07-01
dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.34%
Published
2013-06-30
Updated
2013-07-01
The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.
Max CVSS
7.8
EPSS Score
0.31%
Published
2013-06-30
Updated
2013-07-01
The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.
Max CVSS
10.0
EPSS Score
0.56%
Published
2013-06-30
Updated
2024-03-21
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.
Max CVSS
9.3
EPSS Score
0.52%
Published
2013-06-30
Updated
2013-07-17
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-06-27
Updated
2017-08-29
SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.30%
Published
2013-06-27
Updated
2017-08-29
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2013-06-27
Updated
2017-08-29
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.15%
Published
2013-06-25
Updated
2017-08-29
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.14%
Published
2013-06-25
Updated
2013-10-11
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2013-06-25
Updated
2017-08-29
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Max CVSS
6.4
EPSS Score
0.28%
Published
2013-06-25
Updated
2017-08-29
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.
Max CVSS
5.4
EPSS Score
0.07%
Published
2013-06-25
Updated
2015-11-04
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
Max CVSS
4.3
EPSS Score
0.20%
Published
2013-06-21
Updated
2013-06-24
360 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!