Security Vulnerabilities, CVEs, Published In September 2013
CVE-2013-5696
Public exploit
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Max CVSS
6.8
EPSS Score
61.10%
Published
2013-09-23
Updated
2013-09-23
CVE-2013-5486
Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Max CVSS
10.0
EPSS Score
97.29%
Published
2013-09-23
Updated
2016-09-16
CVE-2013-5093
Public exploit
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
Max CVSS
6.8
EPSS Score
96.42%
Published
2013-09-27
Updated
2013-10-07
CVE-2013-4984
Public exploit
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Max CVSS
7.2
EPSS Score
0.08%
Published
2013-09-10
Updated
2016-11-08
CVE-2013-4983
Public exploit
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Max CVSS
10.0
EPSS Score
91.81%
Published
2013-09-10
Updated
2013-10-09
CVE-2013-4812
Public exploit
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.96%
Published
2013-09-16
Updated
2013-09-26
CVE-2013-4811
Public exploit
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.96%
Published
2013-09-16
Updated
2013-09-26
CVE-2013-4341
Public exploit
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
Max CVSS
4.3
EPSS Score
0.17%
Published
2013-09-16
Updated
2022-05-01
CVE-2013-3893
Public exploit
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Max CVSS
9.3
EPSS Score
96.25%
Published
2013-09-18
Updated
2021-05-17
CVE-2013-3205
Public exploit
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.08%
Published
2013-09-11
Updated
2018-10-12
CVE-2013-2068
Public exploit
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
Max CVSS
9.4
EPSS Score
59.65%
Published
2013-09-28
Updated
2014-01-14
CVE-2013-0810
Public exploit
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
95.62%
Published
2013-09-11
Updated
2023-12-07
12 vulnerabilities found