Security Vulnerabilities, CVEs, Published In 2013 CVSS score >= 7
CVE-2013-6935
Public exploit
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
Max CVSS: 9.3
EPSS Score: 88.31%
Published: 2013-12-04
Updated: 2016-12-08
CVE-2013-6829
Public exploit
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
Max CVSS: 7.5
EPSS Score: 1.95%
Published: 2013-11-20
Updated: 2013-11-21
CVE-2013-6282
Known exploited
Public exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
Max CVSS: 7.2
EPSS Score: 4.69%
Published: 2013-11-20
Updated: 2023-12-08
CISA KEV Added: 2022-09-15
CVE-2013-6129
Public exploit
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
Max CVSS: 7.5
EPSS Score: 75.99%
Published: 2013-10-19
Updated: 2013-11-21
CVE-2013-5486
Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Max CVSS: 10.0
EPSS Score: 97.13%
Published: 2013-09-23
Updated: 2016-09-16
CVE-2013-5331
Public exploit
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
Max CVSS: 9.3
EPSS Score: 96.49%
Published: 2013-12-11
Updated: 2018-12-13
CVE-2013-5065
Known exploited
Public exploit
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
Max CVSS: 7.2
EPSS Score: 0.06%
Published: 2013-11-28
Updated: 2018-10-12
CISA KEV Added: 2022-03-03
CVE-2013-5019
Public exploit
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
Max CVSS: 10.0
EPSS Score: 91.29%
Published: 2013-07-31
Updated: 2018-04-27
CVE-2013-4988
Public exploit
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
Max CVSS: 9.3
EPSS Score: 67.03%
Published: 2013-12-13
Updated: 2021-06-07
CVE-2013-4984
Public exploit
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Max CVSS: 7.2
EPSS Score: 0.08%
Published: 2013-09-10
Updated: 2016-11-08
CVE-2013-4983
Public exploit
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Max CVSS: 10.0
EPSS Score: 91.81%
Published: 2013-09-10
Updated: 2013-10-09
CVE-2013-4837
Public exploit
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
Max CVSS: 10.0
EPSS Score: 94.95%
Published: 2013-11-04
Updated: 2019-10-09
CVE-2013-4835
Public exploit
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
Max CVSS: 7.5
EPSS Score: 97.14%
Published: 2013-11-04
Updated: 2017-07-01
CVE-2013-4824
Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
Max CVSS: 7.5
EPSS Score: 95.13%
Published: 2013-10-13
Updated: 2019-10-09
CVE-2013-4822
Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
Max CVSS: 10.0
EPSS Score: 94.95%
Published: 2013-10-13
Updated: 2019-10-09
CVE-2013-4812
Public exploit
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS: 10.0
EPSS Score: 96.63%
Published: 2013-09-16
Updated: 2013-09-26
CVE-2013-4811
Public exploit
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS: 10.0
EPSS Score: 96.63%
Published: 2013-09-16
Updated: 2013-09-26
CVE-2013-4800
Public exploit
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
Max CVSS: 9.3
EPSS Score: 96.97%
Published: 2013-07-29
Updated: 2017-08-29
CVE-2013-4798
Public exploit
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
Max CVSS: 10.0
EPSS Score: 94.42%
Published: 2013-07-29
Updated: 2017-08-29
CVE-2013-4786
Public exploit
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Max CVSS: 7.8
EPSS Score: 27.20%
Published: 2013-07-08
Updated: 2020-10-29
CVE-2013-4782
Public exploit
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Max CVSS: 10.0
EPSS Score: 5.74%
Published: 2013-07-08
Updated: 2013-10-16
CVE-2013-4011
Public exploit
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Max CVSS: 7.2
EPSS Score: 0.16%
Published: 2013-07-18
Updated: 2017-09-19
CVE-2013-3956
Public exploit
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
Max CVSS: 7.2
EPSS Score: 0.49%
Published: 2013-07-31
Updated: 2013-08-22
CVE-2013-3918
Public exploit
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
Max CVSS: 9.3
EPSS Score: 96.26%
Published: 2013-11-12
Updated: 2019-05-14
CVE-2013-3906
Known exploited
Public exploit
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Max CVSS: 9.3
EPSS Score: 97.03%
Published: 2013-11-06
Updated: 2023-12-07
CISA KEV Added: 2022-02-15