Security Vulnerabilities, CVEs, Published In 2013 CVSS score >= 9
CVE-2013-6935
Public exploit
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
Max CVSS
9.3
EPSS Score
88.31%
Published
2013-12-04
Updated
2016-12-08
CVE-2013-5486
Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Max CVSS
10.0
EPSS Score
97.13%
Published
2013-09-23
Updated
2016-09-16
CVE-2013-5331
Public exploit
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
Max CVSS
9.3
EPSS Score
96.49%
Published
2013-12-11
Updated
2018-12-13
CVE-2013-5019
Public exploit
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
Max CVSS
10.0
EPSS Score
91.29%
Published
2013-07-31
Updated
2018-04-27
CVE-2013-4988
Public exploit
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
67.03%
Published
2013-12-13
Updated
2021-06-07
CVE-2013-4983
Public exploit
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
Max CVSS
10.0
EPSS Score
91.81%
Published
2013-09-10
Updated
2013-10-09
CVE-2013-4837
Public exploit
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
Max CVSS
10.0
EPSS Score
94.95%
Published
2013-11-04
Updated
2019-10-09
CVE-2013-4822
Public exploit
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
Max CVSS
10.0
EPSS Score
94.95%
Published
2013-10-13
Updated
2019-10-09
CVE-2013-4812
Public exploit
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.63%
Published
2013-09-16
Updated
2013-09-26
CVE-2013-4811
Public exploit
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
Max CVSS
10.0
EPSS Score
96.63%
Published
2013-09-16
Updated
2013-09-26
CVE-2013-4800
Public exploit
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
Max CVSS
9.3
EPSS Score
96.97%
Published
2013-07-29
Updated
2017-08-29
CVE-2013-4798
Public exploit
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
Max CVSS
10.0
EPSS Score
94.42%
Published
2013-07-29
Updated
2017-08-29
CVE-2013-4782
Public exploit
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Max CVSS
10.0
EPSS Score
5.74%
Published
2013-07-08
Updated
2013-10-16
CVE-2013-3918
Public exploit
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
Max CVSS
9.3
EPSS Score
96.26%
Published
2013-11-12
Updated
2019-05-14
CVE-2013-3906
Known exploited
Public exploit
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
Max CVSS
9.3
EPSS Score
97.03%
Published
2013-11-06
Updated
2023-12-07
CISA KEV Added
2022-02-15
CVE-2013-3897
Known exploited
Public exploit
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
96.50%
Published
2013-10-09
Updated
2018-10-12
CISA KEV Added
2022-03-03
CVE-2013-3893
Public exploit
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
Max CVSS
9.3
EPSS Score
96.40%
Published
2013-09-18
Updated
2021-05-17
CVE-2013-3623
Public exploit
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
Max CVSS
10.0
EPSS Score
97.11%
Published
2013-12-10
Updated
2017-11-15
CVE-2013-3576
Public exploit
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
Max CVSS
9.0
EPSS Score
44.83%
Published
2013-06-14
Updated
2014-01-08
CVE-2013-3346
Known exploited
Public exploit
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Max CVSS
10.0
EPSS Score
97.27%
Published
2013-08-30
Updated
2017-09-19
CISA KEV Added
2022-03-03
CVE-2013-3248
Public exploit
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
Max CVSS
9.3
EPSS Score
0.31%
Published
2013-10-03
Updated
2013-10-04
CVE-2013-3205
Public exploit
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.13%
Published
2013-09-11
Updated
2018-10-12
CVE-2013-3184
Public exploit
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.13%
Published
2013-08-14
Updated
2018-10-12
CVE-2013-3163
Known exploited
Public exploit
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
Max CVSS
9.3
EPSS Score
96.39%
Published
2013-07-10
Updated
2018-10-12
CISA KEV Added
2023-03-30
CVE-2013-2751
Public exploit
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
Max CVSS
10.0
EPSS Score
50.87%
Published
2013-12-12
Updated
2019-07-18