CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2013 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-5648 22 Dir. Trav. 2013-08-29 2013-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.
2 CVE-2013-5647 94 Exec Code 2013-08-29 2013-08-29
7.5
None Remote Low Not required Partial Partial Partial
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
3 CVE-2013-5589 89 Exec Code Sql 2013-08-29 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
4 CVE-2013-5578 119 1 Exec Code Overflow 2013-08-25 2013-08-26
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
5 CVE-2013-5569 89 Exec Code Sql 2013-08-23 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
6 CVE-2013-5469 119 DoS Overflow 2013-08-30 2017-08-29
7.1
None Remote Medium Not required None None Complete
The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.
7 CVE-2013-5322 89 Exec Code Sql 2013-08-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2013-5321 89 1 Exec Code Sql 2013-08-20 2013-08-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
9 CVE-2013-5318 89 1 Exec Code Sql 2013-08-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.
10 CVE-2013-5316 352 1 CSRF 2013-08-20 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
11 CVE-2013-5313 352 CSRF 2013-08-19 2013-08-20
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action.
12 CVE-2013-5311 89 1 Exec Code Sql 2013-08-19 2013-08-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
13 CVE-2013-5310 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
14 CVE-2013-5306 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
15 CVE-2013-5304 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
16 CVE-2013-5303 2013-08-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
17 CVE-2013-5302 89 Exec Code Sql 2013-08-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
18 CVE-2013-5301 22 Dir. Trav. 2013-08-16 2017-08-29
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter.
19 CVE-2013-5209 200 +Info 2013-08-29 2019-03-18
7.8
None Remote Low Not required Complete None None
The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.
20 CVE-2013-5121 89 1 Exec Code Sql 2013-08-14 2013-08-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
21 CVE-2013-5120 89 1 Exec Code Sql 2013-08-14 2013-08-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
22 CVE-2013-5026 Exec Code 2013-08-06 2013-09-18
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file.
23 CVE-2013-5022 22 Dir. Trav. 2013-08-06 2013-09-18
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
24 CVE-2013-5021 22 Dir. Trav. 2013-08-06 2013-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
25 CVE-2013-4974 119 DoS Exec Code Overflow Mem. Corr. 2013-08-27 2013-09-12
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
26 CVE-2013-4973 119 Exec Code Overflow 2013-08-27 2013-09-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
27 CVE-2013-4958 287 +Priv 2013-08-20 2019-07-10
6.9
None Local Medium Not required Complete Complete Complete
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.
28 CVE-2013-4943 264 +Priv Bypass 2013-08-09 2013-08-13
7.2
None Local Low Not required Complete Complete Complete
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.
29 CVE-2013-4911 352 CSRF 2013-08-01 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
30 CVE-2013-4881 352 CSRF 2013-08-19 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.
31 CVE-2013-4879 89 Exec Code Sql 2013-08-14 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.
32 CVE-2013-4852 189 DoS Exec Code Overflow 2013-08-19 2021-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
33 CVE-2013-4808 2013-08-18 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
34 CVE-2013-4807 2013-08-05 2017-08-29
7.8
None Remote Low Not required None Complete None
Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors.
35 CVE-2013-4806 DoS +Info 2013-08-12 2014-01-04
7.0
None Remote Medium ??? Partial None Complete
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
36 CVE-2013-4805 Bypass 2013-08-05 2013-08-22
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
37 CVE-2013-4789 89 Exec Code Sql 2013-08-09 2013-08-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
38 CVE-2013-4742 119 DoS Exec Code Overflow 2013-08-09 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.
39 CVE-2013-4701 DoS 2013-08-21 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
40 CVE-2013-4679 119 Overflow +Priv 2013-08-05 2013-10-07
6.6
None Local Medium ??? Complete Complete Complete
Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system.
41 CVE-2013-4672 264 Bypass 2013-08-01 2014-01-17
7.2
None Local Network Low ??? Complete Complete Complete
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.
42 CVE-2013-4671 352 CSRF 2013-08-01 2014-01-17
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
43 CVE-2013-4652 Exec Code Bypass 2013-08-01 2013-08-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
44 CVE-2013-4651 255 2013-08-01 2013-08-01
6.6
None Remote High Not required Partial Partial Complete
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
45 CVE-2013-4619 89 Exec Code Sql 2013-08-09 2013-08-13
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php.
46 CVE-2013-4575 119 DoS Exec Code Overflow 2013-08-05 2013-08-22
7.9
None Local Network Medium Not required Complete Complete Complete
Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors.
47 CVE-2013-4254 20 DoS +Priv 2013-08-25 2013-10-02
6.9
None Local Medium Not required Complete Complete Complete
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
48 CVE-2013-4247 189 DoS Mem. Corr. 2013-08-25 2013-08-27
7.8
None Remote Low Not required None None Complete
Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length.
49 CVE-2013-4230 264 2013-08-21 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
50 CVE-2013-4219 189 DoS Exec Code Overflow 2013-08-25 2013-08-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c.
Total number of vulnerabilities : 185   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.