CVE-2013-5696

Public exploit
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Max CVSS
6.8
EPSS Score
61.10%
Published
2013-09-23
Updated
2013-09-23

CVE-2013-5486

Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Max CVSS
10.0
EPSS Score
97.29%
Published
2013-09-23
Updated
2016-09-16

CVE-2013-5093

Public exploit
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
Max CVSS
6.8
EPSS Score
96.42%
Published
2013-09-27
Updated
2013-10-07

CVE-2013-4984

Public exploit
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Max CVSS
7.2
EPSS Score
0.08%
Published
2013-09-10
Updated
2016-11-08

CVE-2013-4983

Public exploit
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Max CVSS
10.0
EPSS Score
91.81%
Published
2013-09-10
Updated
2013-10-09

CVE-2013-4812

Public exploit
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.96%
Published
2013-09-16
Updated
2013-09-26

CVE-2013-4811

Public exploit
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.96%
Published
2013-09-16
Updated
2013-09-26

CVE-2013-4341

Public exploit
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
Max CVSS
4.3
EPSS Score
0.17%
Published
2013-09-16
Updated
2022-05-01

CVE-2013-3893

Public exploit
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Max CVSS
9.3
EPSS Score
96.25%
Published
2013-09-18
Updated
2021-05-17

CVE-2013-3205

Public exploit
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.08%
Published
2013-09-11
Updated
2018-10-12

CVE-2013-2068

Public exploit
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
Max CVSS
9.4
EPSS Score
59.65%
Published
2013-09-28
Updated
2014-01-14

CVE-2013-0810

Public exploit
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
95.62%
Published
2013-09-11
Updated
2023-12-07
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!