CVE-2013-5019

Public exploit
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
Max CVSS
10.0
EPSS Score
91.29%
Published
2013-07-31
Updated
2018-04-27

CVE-2013-4800

Public exploit
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
Max CVSS
9.3
EPSS Score
96.68%
Published
2013-07-29
Updated
2017-08-29

CVE-2013-4798

Public exploit
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
Max CVSS
10.0
EPSS Score
96.36%
Published
2013-07-29
Updated
2017-08-29

CVE-2013-4786

Public exploit
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Max CVSS
7.8
EPSS Score
27.20%
Published
2013-07-08
Updated
2020-10-29

CVE-2013-4782

Public exploit
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Max CVSS
10.0
EPSS Score
5.74%
Published
2013-07-08
Updated
2013-10-16

CVE-2013-4011

Public exploit
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Max CVSS
7.2
EPSS Score
0.16%
Published
2013-07-18
Updated
2017-09-19

CVE-2013-3956

Public exploit
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
Max CVSS
7.2
EPSS Score
0.46%
Published
2013-07-31
Updated
2013-08-22

CVE-2013-3763

Public exploit
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.
Max CVSS
5.5
EPSS Score
97.24%
Published
2013-07-17
Updated
2013-09-11

CVE-2013-3563

Public exploit
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.
Max CVSS
7.5
EPSS Score
51.68%
Published
2013-07-04
Updated
2013-07-05

CVE-2013-3163

Known exploited
Public exploit
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
Max CVSS
9.3
EPSS Score
96.39%
Published
2013-07-10
Updated
2018-10-12
CISA KEV Added
2023-03-30

CVE-2013-2370

Public exploit
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.
Max CVSS
7.5
EPSS Score
94.56%
Published
2013-07-29
Updated
2019-10-09

CVE-2013-2367

Public exploit
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
Max CVSS
10.0
EPSS Score
94.56%
Published
2013-07-31
Updated
2019-10-09

CVE-2013-2343

Public exploit
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.
Max CVSS
10.0
EPSS Score
77.62%
Published
2013-07-02
Updated
2019-10-09

CVE-2013-2251

Known exploited
Public exploit
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Max CVSS
9.3
EPSS Score
97.42%
Published
2013-07-20
Updated
2020-10-20
CISA KEV Added
2022-03-25

CVE-2013-2171

Public exploit
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
Max CVSS
6.9
EPSS Score
0.42%
Published
2013-07-02
Updated
2019-03-18

CVE-2013-2121

Public exploit
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
Max CVSS
6.0
EPSS Score
50.86%
Published
2013-07-31
Updated
2023-02-13

CVE-2013-2115

Public exploit
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
Max CVSS
9.3
EPSS Score
0.22%
Published
2013-07-10
Updated
2020-09-24

CVE-2013-2113

Public exploit
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
Max CVSS
6.0
EPSS Score
11.10%
Published
2013-07-31
Updated
2023-02-13

CVE-2013-2028

Public exploit
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
Max CVSS
7.5
EPSS Score
11.66%
Published
2013-07-20
Updated
2021-11-10

CVE-2013-1966

Public exploit
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
Max CVSS
9.3
EPSS Score
1.86%
Published
2013-07-10
Updated
2019-08-12

CVE-2013-1362

Public exploit
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Max CVSS
7.5
EPSS Score
94.16%
Published
2013-07-09
Updated
2018-10-30

CVE-2013-1300

Public exploit
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
Max CVSS
7.2
EPSS Score
0.08%
Published
2013-07-10
Updated
2023-12-07

CVE-2013-0235

Public exploit
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
Max CVSS
6.4
EPSS Score
13.01%
Published
2013-07-08
Updated
2013-07-08
23 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!