CVE-2013-7102

Public exploit
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.
Max CVSS
6.8
EPSS Score
20.10%
Published
2013-12-23
Updated
2013-12-24

CVE-2013-7091

Public exploit
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
Max CVSS
5.0
EPSS Score
97.34%
Published
2013-12-13
Updated
2020-06-04

CVE-2013-6935

Public exploit
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
Max CVSS
9.3
EPSS Score
88.31%
Published
2013-12-04
Updated
2016-12-08

CVE-2013-6829

Public exploit
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
Max CVSS
7.5
EPSS Score
1.95%
Published
2013-11-20
Updated
2013-11-21

CVE-2013-6414

Public exploit
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.
Max CVSS
5.0
EPSS Score
17.34%
Published
2013-12-07
Updated
2019-08-08

CVE-2013-6282

Known exploited
Public exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
Max CVSS
7.2
EPSS Score
4.32%
Published
2013-11-20
Updated
2023-12-08
CISA KEV Added
2022-09-15

CVE-2013-6129

Public exploit
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
Max CVSS
7.5
EPSS Score
75.99%
Published
2013-10-19
Updated
2013-11-21

CVE-2013-5696

Public exploit
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Max CVSS
6.8
EPSS Score
61.10%
Published
2013-09-23
Updated
2013-09-23

CVE-2013-5576

Public exploit
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
Max CVSS
6.8
EPSS Score
78.47%
Published
2013-10-09
Updated
2013-12-01

CVE-2013-5486

Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Max CVSS
10.0
EPSS Score
97.29%
Published
2013-09-23
Updated
2016-09-16

CVE-2013-5447

Public exploit
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.
Max CVSS
6.8
EPSS Score
94.46%
Published
2013-12-10
Updated
2017-08-29

CVE-2013-5331

Public exploit
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
Max CVSS
9.3
EPSS Score
96.49%
Published
2013-12-11
Updated
2018-12-13

CVE-2013-5093

Public exploit
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
Max CVSS
6.8
EPSS Score
96.42%
Published
2013-09-27
Updated
2013-10-07

CVE-2013-5065

Known exploited
Public exploit
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
Max CVSS
7.2
EPSS Score
0.06%
Published
2013-11-28
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2013-5045

Public exploit
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
Max CVSS
6.2
EPSS Score
0.08%
Published
2013-12-11
Updated
2018-10-12

CVE-2013-5019

Public exploit
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
Max CVSS
10.0
EPSS Score
91.29%
Published
2013-07-31
Updated
2018-04-27

CVE-2013-4988

Public exploit
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
67.03%
Published
2013-12-13
Updated
2021-06-07

CVE-2013-4984

Public exploit
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Max CVSS
7.2
EPSS Score
0.08%
Published
2013-09-10
Updated
2016-11-08

CVE-2013-4983

Public exploit
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Max CVSS
10.0
EPSS Score
91.81%
Published
2013-09-10
Updated
2013-10-09

CVE-2013-4837

Public exploit
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
Max CVSS
10.0
EPSS Score
94.56%
Published
2013-11-04
Updated
2019-10-09

CVE-2013-4835

Public exploit
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
Max CVSS
7.5
EPSS Score
97.14%
Published
2013-11-04
Updated
2017-07-01

CVE-2013-4826

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.
Max CVSS
5.0
EPSS Score
1.85%
Published
2013-10-13
Updated
2019-10-09

CVE-2013-4824

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
Max CVSS
7.5
EPSS Score
95.13%
Published
2013-10-13
Updated
2019-10-09

CVE-2013-4823

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.
Max CVSS
5.0
EPSS Score
91.62%
Published
2013-10-13
Updated
2019-10-09

CVE-2013-4822

Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
Max CVSS
10.0
EPSS Score
94.56%
Published
2013-10-13
Updated
2019-10-09
153 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!