CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7201 CVE-2013-5019 119 3 Exec Code Overflow 2013-07-31 2018-04-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
7202 CVE-2013-4988 119 1 Exec Code Overflow 2013-12-13 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
7203 CVE-2013-4983 78 Exec Code 2013-09-10 2013-10-09
10.0
None Remote Low Not required Complete Complete Complete
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
7204 CVE-2013-4981 119 DoS Exec Code Overflow 2014-03-03 2014-03-04
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter.
7205 CVE-2013-4980 119 DoS Exec Code Overflow 2014-03-03 2014-03-04
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request.
7206 CVE-2013-4979 119 Exec Code Overflow 2014-01-31 2014-02-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file.
7207 CVE-2013-4978 119 Exec Code Overflow 2014-02-05 2014-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.
7208 CVE-2013-4977 119 DoS Exec Code Overflow 2014-03-03 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.
7209 CVE-2013-4974 119 DoS Exec Code Overflow Mem. Corr. 2013-08-26 2013-09-11
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
7210 CVE-2013-4973 119 Exec Code Overflow 2013-08-26 2013-09-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
7211 CVE-2013-4937 2013-07-26 2013-07-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
7212 CVE-2013-4841 Exec Code 2014-02-26 2014-02-26
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.
7213 CVE-2013-4838 Exec Code 2013-11-04 2013-11-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
7214 CVE-2013-4837 Exec Code 2013-11-04 2013-11-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
7215 CVE-2013-4822 Exec Code 2013-10-13 2013-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
7216 CVE-2013-4813 94 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.
7217 CVE-2013-4812 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
7218 CVE-2013-4811 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
7219 CVE-2013-4810 94 Exec Code 2013-09-16 2017-10-04
10.0
None Remote Low Not required Complete Complete Complete
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
7220 CVE-2013-4808 2013-08-17 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
7221 CVE-2013-4805 Bypass 2013-08-05 2013-08-22
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
7222 CVE-2013-4804 Exec Code +Info 2013-10-13 2013-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.
7223 CVE-2013-4800 Exec Code 2013-07-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
7224 CVE-2013-4798 Exec Code 2013-07-29 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
7225 CVE-2013-4787 310 Exec Code 2013-07-09 2013-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
7226 CVE-2013-4785 2013-07-08 2013-09-26
10.0
None Remote Low Not required Complete Complete Complete
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
7227 CVE-2013-4784 287 1 Exec Code Bypass 2013-07-08 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
7228 CVE-2013-4783 287 1 Exec Code Bypass 2013-07-08 2013-09-26
10.0
None Remote Low Not required Complete Complete Complete
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
7229 CVE-2013-4782 287 1 Exec Code Bypass 2013-07-08 2013-10-16
10.0
None Remote Low Not required Complete Complete Complete
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
7230 CVE-2013-4781 78 Exec Code 2013-07-18 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.
7231 CVE-2013-4772 287 Bypass 2014-05-12 2014-05-12
9.3
None Remote Medium Not required Complete Complete Complete
D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active.
7232 CVE-2013-4767 2013-10-09 2013-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
7233 CVE-2013-4737 264 Bypass 2014-02-15 2014-02-18
9.3
None Remote Medium Not required Complete Complete Complete
The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location.
7234 CVE-2013-4735 264 2013-06-30 2013-07-01
10.0
None Remote Low Not required Complete Complete Complete
The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.
7235 CVE-2013-4732 255 2013-06-30 2013-07-01
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding."
7236 CVE-2013-4731 287 Exec Code 2013-06-30 2013-07-17
9.3
None Remote Medium Not required Complete Complete Complete
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.
7237 CVE-2013-4730 119 1 Exec Code Overflow 2014-05-15 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
7238 CVE-2013-4710 20 DoS 2014-03-02 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
7239 CVE-2013-4697 +Priv 2013-07-31 2013-07-31
9.0
None Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors.
7240 CVE-2013-4685 119 Exec Code Overflow 2013-07-11 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
7241 CVE-2013-4659 119 Exec Code Overflow 2017-03-14 2017-03-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
7242 CVE-2013-4652 Exec Code Bypass 2013-08-01 2013-08-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
7243 CVE-2013-4633 264 +Priv 2013-06-20 2013-06-21
9.0
None Remote Low Single system Complete Complete Complete
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting.
7244 CVE-2013-4611 2013-06-17 2013-06-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.
7245 CVE-2013-4610 2013-06-17 2013-06-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.
7246 CVE-2013-4495 94 Exec Code 2013-11-20 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.
7247 CVE-2013-4437 2013-11-05 2013-11-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
7248 CVE-2013-4436 20 2013-11-05 2013-11-07
9.3
None Remote Medium Not required Complete Complete Complete
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
7249 CVE-2013-4319 264 Exec Code 2013-10-11 2013-10-15
9.0
None Remote Low Single system Complete Complete Complete
pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command.
7250 CVE-2013-4316 284 2013-09-30 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.