| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-5959 | 119 | | DoS Overflow | 2013-09-28 | 2013-10-11 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests. |
| 2 | CVE-2013-5932 | | | | 2013-09-23 | 2013-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors. |
| 3 | CVE-2013-5931 | 89 | | Exec Code Sql | 2013-09-23 | 2013-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. |
| 4 | CVE-2013-5917 | 89 | | Exec Code Sql | 2013-09-23 | 2013-09-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. |
| 5 | CVE-2013-5754 | 264 | | | 2013-09-17 | 2013-09-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612. |
| 6 | CVE-2013-5723 | 89 | | Exec Code Sql | 2013-09-12 | 2018-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." |
| 7 | CVE-2013-5715 | 119 | | Overflow | 2013-09-09 | 2013-10-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors. |
| 8 | CVE-2013-5709 | 189 | | | 2013-09-17 | 2020-02-10 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete | The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. |
| 9 | CVE-2013-5697 | 89 | | Exec Code Sql | 2013-09-30 | 2013-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. |
| 10 | CVE-2013-5692 | 22 | 1 | Dir. Trav. | 2013-09-30 | 2013-10-01 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager. |
| 11 | CVE-2013-5674 | 94 | | | 2013-09-16 | 2020-12-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter. |
| 12 | CVE-2013-5673 | 89 | 1 | Exec Code Sql | 2013-09-10 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php. |
| 13 | CVE-2013-5490 | 200 | | +Info | 2013-09-23 | 2017-08-29 | 7.8 | None | Remote | Low | Not required | Complete | None | None | Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. |
| 14 | CVE-2013-5487 | 200 | | +Info | 2013-09-23 | 2013-09-23 | 7.8 | None | Remote | Low | Not required | Complete | None | None | DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. |
| 15 | CVE-2013-5486 | 78 | 1 | Exec Code Dir. Trav. | 2013-09-23 | 2016-09-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality. |
| 16 | CVE-2013-5481 | 20 | | DoS | 2013-09-27 | 2013-10-07 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. |
| 17 | CVE-2013-5480 | 20 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. |
| 18 | CVE-2013-5479 | 20 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. |
| 19 | CVE-2013-5478 | 20 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. |
| 20 | CVE-2013-5477 | 20 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. |
| 21 | CVE-2013-5476 | 20 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174. |
| 22 | CVE-2013-5475 | 20 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. |
| 23 | CVE-2013-5474 | 362 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812. |
| 24 | CVE-2013-5473 | 399 | | DoS | 2013-09-27 | 2013-10-07 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. |
| 25 | CVE-2013-5472 | 20 | | DoS | 2013-09-27 | 2013-09-30 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226. |
| 26 | CVE-2013-5403 | | | | 2013-09-27 | 2017-08-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. |
| 27 | CVE-2013-5369 | 94 | | Exec Code | 2013-09-16 | 2017-08-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service. |
| 28 | CVE-2013-5324 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-12 | 2018-12-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363. |
| 29 | CVE-2013-5200 | 287 | | +Info | 2013-09-25 | 2013-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call. |
| 30 | CVE-2013-5155 | 20 | | DoS | 2013-09-19 | 2013-10-22 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. |
| 31 | CVE-2013-5141 | 189 | | DoS | 2013-09-19 | 2013-10-31 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." |
| 32 | CVE-2013-5140 | 20 | | DoS | 2013-09-19 | 2013-10-22 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. |
| 33 | CVE-2013-5139 | 119 | | DoS Exec Code Overflow | 2013-09-19 | 2014-03-06 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. |
| 34 | CVE-2013-4984 | 264 | | +Priv | 2013-09-10 | 2016-11-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. |
| 35 | CVE-2013-4983 | 78 | | Exec Code | 2013-09-10 | 2013-10-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. |
| 36 | CVE-2013-4813 | 94 | | Exec Code | 2013-09-16 | 2013-09-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. |
| 37 | CVE-2013-4812 | 20 | | Exec Code | 2013-09-16 | 2013-09-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. |
| 38 | CVE-2013-4811 | 20 | | Exec Code | 2013-09-16 | 2013-09-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. |
| 39 | CVE-2013-4810 | 94 | | Exec Code | 2013-09-16 | 2017-10-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874. |
| 40 | CVE-2013-4809 | 89 | | Exec Code Sql | 2013-09-16 | 2013-09-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter. |
| 41 | CVE-2013-4362 | 264 | | +Priv | 2013-09-30 | 2017-07-01 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function. |
| 42 | CVE-2013-4339 | 20 | | Bypass | 2013-09-12 | 2013-12-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. |
| 43 | CVE-2013-4338 | 94 | | Exec Code | 2013-09-12 | 2013-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations. |
| 44 | CVE-2013-4316 | 16 | | | 2013-09-30 | 2016-12-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. |
| 45 | CVE-2013-4313 | 89 | | Sql | 2013-09-16 | 2020-12-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. |
| 46 | CVE-2013-4300 | 264 | | +Priv | 2013-09-25 | 2013-10-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. |
| 47 | CVE-2013-4182 | 264 | | | 2013-09-16 | 2013-09-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. |
| 48 | CVE-2013-4068 | 119 | | Exec Code Overflow | 2013-09-20 | 2017-08-29 | 7.1 | None | Remote | High | ??? | Complete | Complete | Complete | Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8. |
| 49 | CVE-2013-4049 | | | Exec Code | 2013-09-16 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file. |
| 50 | CVE-2013-3934 | 119 | | Exec Code Overflow | 2013-09-10 | 2013-09-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file. |