CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10701 CVE-2013-2332 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654.
10702 CVE-2013-2331 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652.
10703 CVE-2013-2330 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638.
10704 CVE-2013-2329 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637.
10705 CVE-2013-2328 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636.
10706 CVE-2013-2327 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635.
10707 CVE-2013-2326 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634.
10708 CVE-2013-2325 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633.
10709 CVE-2013-2324 Exec Code 2013-06-06 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629.
10710 CVE-2013-2298 119 Overflow 2014-06-02 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.
10711 CVE-2013-2278 DoS Exec Code 2014-04-01 2014-04-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log."
10712 CVE-2013-2267 94 Exec Code 2020-01-27 2020-01-29
9.0
None Remote Low ??? Complete Complete Complete
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
10713 CVE-2013-2251 20 2013-07-20 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
10714 CVE-2013-2250 20 2013-08-15 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.
10715 CVE-2013-2135 94 Exec Code 2013-07-16 2018-11-23
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
10716 CVE-2013-2134 94 Exec Code 2013-07-16 2018-11-23
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
10717 CVE-2013-2115 94 Exec Code 2013-07-10 2020-09-24
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
10718 CVE-2013-2100 310 2014-09-29 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
10719 CVE-2013-2097 1 Exec Code 2020-02-12 2020-02-24
9.3
None Remote Medium Not required Complete Complete Complete
ZPanel through 10.1.0 has Remote Command Execution
10720 CVE-2013-2093 20 Exec Code 2019-11-20 2019-11-22
10.0
None Remote Low Not required Complete Complete Complete
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
10721 CVE-2013-2090 78 Exec Code 2014-05-27 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
10722 CVE-2013-2068 22 1 Dir. Trav. 2013-09-28 2014-01-14
9.4
None Remote Low Not required None Complete Complete
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
10723 CVE-2013-2060 78 Exec Code 2020-01-28 2020-01-30
10.0
None Remote Low Not required Complete Complete Complete
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
10724 CVE-2013-2024 78 2019-10-31 2020-08-18
9.0
None Remote Low ??? Complete Complete Complete
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
10725 CVE-2013-2019 119 Overflow 2014-06-02 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.
10726 CVE-2013-1966 94 Exec Code 2013-07-10 2019-08-12
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
10727 CVE-2013-1965 94 Exec Code 2013-07-10 2019-08-12
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
10728 CVE-2013-1961 119 DoS Overflow 2013-07-03 2016-12-31
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
10729 CVE-2013-1960 119 DoS Exec Code Overflow 2013-07-03 2016-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
10730 CVE-2013-1948 Exec Code 2013-04-25 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
10731 CVE-2013-1947 78 Exec Code 2013-04-25 2013-05-01
9.3
None Remote Medium Not required Complete Complete Complete
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
10732 CVE-2013-1933 78 Exec Code 2013-04-25 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
10733 CVE-2013-1903 264 2013-04-04 2017-10-20
10.0
None Remote Low Not required Complete Complete Complete
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors.
10734 CVE-2013-1902 2013-04-04 2017-10-20
10.0
None Remote Low Not required Complete Complete Complete
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."
10735 CVE-2013-1868 119 DoS Exec Code Overflow 2013-07-10 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
10736 CVE-2013-1777 94 Exec Code 2013-07-11 2014-04-01
10.0
None Remote Low Not required Complete Complete Complete
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
10737 CVE-2013-1751 20 Exec Code 2019-11-07 2019-11-08
10.0
None Remote Low Not required Complete Complete Complete
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
10738 CVE-2013-1750 119 Exec Code Overflow 2013-03-20 2013-03-21
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.
10739 CVE-2013-1738 399 Exec Code 2013-09-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
10740 CVE-2013-1736 119 DoS Exec Code Overflow Mem. Corr. 2013-09-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes.
10741 CVE-2013-1735 20 Exec Code 2013-09-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling.
10742 CVE-2013-1732 119 Exec Code Overflow 2013-09-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout.
10743 CVE-2013-1724 399 DoS Exec Code Mem. Corr. 2013-09-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.
10744 CVE-2013-1722 399 DoS Exec Code Mem. Corr. 2013-09-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning.
10745 CVE-2013-1721 119 Exec Code Overflow 2013-09-18 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.
10746 CVE-2013-1719 119 DoS Exec Code Overflow Mem. Corr. 2013-09-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
10747 CVE-2013-1718 119 DoS Exec Code Overflow Mem. Corr. 2013-09-18 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
10748 CVE-2013-1710 20 Exec Code XSS 2013-08-07 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.
10749 CVE-2013-1705 119 DoS Exec Code Overflow 2013-08-07 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.
10750 CVE-2013-1704 399 DoS Exec Code Mem. Corr. 2013-08-07 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.