CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2013 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-5648 22 Dir. Trav. 2013-08-29 2013-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.
2 CVE-2013-5647 94 Exec Code 2013-08-29 2013-08-29
7.5
None Remote Low Not required Partial Partial Partial
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
3 CVE-2013-5589 89 Exec Code Sql 2013-08-29 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
4 CVE-2013-5578 119 1 Exec Code Overflow 2013-08-25 2013-08-26
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
5 CVE-2013-5569 89 Exec Code Sql 2013-08-23 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
6 CVE-2013-5469 119 DoS Overflow 2013-08-30 2017-08-29
7.1
None Remote Medium Not required None None Complete
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.
7 CVE-2013-5322 89 Exec Code Sql 2013-08-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2013-5321 89 1 Exec Code Sql 2013-08-20 2013-08-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
9 CVE-2013-5318 89 1 Exec Code Sql 2013-08-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.
10 CVE-2013-5316 352 1 CSRF 2013-08-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
11 CVE-2013-5313 352 CSRF 2013-08-19 2013-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
12 CVE-2013-5311 89 1 Exec Code Sql 2013-08-19 2013-08-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
13 CVE-2013-5310 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
14 CVE-2013-5306 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
15 CVE-2013-5304 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
16 CVE-2013-5303 2013-08-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
17 CVE-2013-5302 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
18 CVE-2013-5301 22 Dir. Trav. 2013-08-16 2017-08-29
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter.
19 CVE-2013-5209 200 +Info 2013-08-29 2019-03-18
7.8
None Remote Low Not required Complete None None
The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.
20 CVE-2013-5121 89 1 Exec Code Sql 2013-08-14 2013-08-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
21 CVE-2013-5120 89 1 Exec Code Sql 2013-08-14 2013-08-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
22 CVE-2013-5026 Exec Code 2013-08-06 2013-09-18
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file.
23 CVE-2013-5022 22 Dir. Trav. 2013-08-06 2013-09-18
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
24 CVE-2013-5021 22 Dir. Trav. 2013-08-06 2013-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
25 CVE-2013-4974 119 DoS Exec Code Overflow Mem. Corr. 2013-08-27 2013-09-12
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
26 CVE-2013-4973 119 Exec Code Overflow 2013-08-27 2013-09-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
27 CVE-2013-4967 255 2013-08-20 2019-07-10
5.0
None Remote Low Not required Partial None None
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
28 CVE-2013-4964 264 2013-08-20 2019-07-10
5.0
None Remote Low Not required None Partial None
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
29 CVE-2013-4962 255 2013-08-20 2019-07-10
5.8
None Remote Medium Not required None Partial Partial
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
30 CVE-2013-4961 200 +Info 2013-08-20 2019-07-10
5.0
None Remote Low Not required Partial None None
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
31 CVE-2013-4958 287 +Priv 2013-08-20 2019-07-10
6.9
None Local Medium Not required Complete Complete Complete
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.
32 CVE-2013-4955 20 2013-08-20 2019-07-10
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
33 CVE-2013-4943 264 +Priv Bypass 2013-08-09 2013-08-13
7.2
None Local Low Not required Complete Complete Complete
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.
34 CVE-2013-4912 20 2013-08-01 2017-08-29
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
35 CVE-2013-4911 352 CSRF 2013-08-01 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
36 CVE-2013-4881 352 CSRF 2013-08-19 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.
37 CVE-2013-4879 89 Exec Code Sql 2013-08-14 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.
38 CVE-2013-4852 189 DoS Exec Code Overflow 2013-08-19 2021-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
39 CVE-2013-4808 2013-08-18 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
40 CVE-2013-4807 2013-08-05 2017-08-29
7.8
None Remote Low Not required None Complete None
Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors.
41 CVE-2013-4806 DoS +Info 2013-08-12 2014-01-04
7.0
None Remote Medium ??? Partial None Complete
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
42 CVE-2013-4805 Bypass 2013-08-05 2013-08-22
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
43 CVE-2013-4789 89 Exec Code Sql 2013-08-09 2013-08-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
44 CVE-2013-4762 20 2013-08-20 2019-07-10
5.8
None Remote Medium Not required Partial Partial None
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.
45 CVE-2013-4761 2013-08-20 2019-07-10
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited utilizing unspecified "local file system access" to the Puppet Master.
46 CVE-2013-4742 119 DoS Exec Code Overflow 2013-08-09 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.
47 CVE-2013-4702 22 Dir. Trav. 2013-08-30 2013-09-12
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
48 CVE-2013-4701 DoS 2013-08-21 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
49 CVE-2013-4700 310 +Info 2013-08-21 2014-03-05
5.8
None Remote Medium Not required Partial Partial None
The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
50 CVE-2013-4699 310 +Info 2013-08-21 2014-03-05
5.8
None Remote Medium Not required Partial Partial None
The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Total number of vulnerabilities : 236   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.