CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7401 CVE-2013-5051 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
7402 CVE-2013-5049 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
7403 CVE-2013-5048 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047.
7404 CVE-2013-5047 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048.
7405 CVE-2013-5034 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.
7406 CVE-2013-5033 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.
7407 CVE-2013-5032 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.
7408 CVE-2013-5031 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.
7409 CVE-2013-5026 Exec Code 2013-08-06 2013-09-17
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file.
7410 CVE-2013-5022 22 Dir. Trav. 2013-08-06 2013-09-17
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
7411 CVE-2013-5021 22 Dir. Trav. 2013-08-06 2013-09-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
7412 CVE-2013-5019 119 3 Exec Code Overflow 2013-07-31 2018-04-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
7413 CVE-2013-4988 119 1 Exec Code Overflow 2013-12-13 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
7414 CVE-2013-4983 78 Exec Code 2013-09-10 2013-10-09
10.0
None Remote Low Not required Complete Complete Complete
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
7415 CVE-2013-4981 119 DoS Exec Code Overflow 2014-03-03 2014-03-04
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter.
7416 CVE-2013-4980 119 DoS Exec Code Overflow 2014-03-03 2014-03-04
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request.
7417 CVE-2013-4979 119 Exec Code Overflow 2014-01-31 2014-02-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file.
7418 CVE-2013-4978 119 Exec Code Overflow 2014-02-05 2014-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.
7419 CVE-2013-4977 119 DoS Exec Code Overflow 2014-03-03 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.
7420 CVE-2013-4974 119 DoS Exec Code Overflow Mem. Corr. 2013-08-26 2013-09-11
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
7421 CVE-2013-4973 119 Exec Code Overflow 2013-08-26 2013-09-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
7422 CVE-2013-4937 2013-07-26 2013-07-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
7423 CVE-2013-4841 Exec Code 2014-02-26 2014-02-26
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.
7424 CVE-2013-4838 Exec Code 2013-11-04 2013-11-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
7425 CVE-2013-4837 Exec Code 2013-11-04 2013-11-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
7426 CVE-2013-4822 Exec Code 2013-10-13 2013-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
7427 CVE-2013-4813 94 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.
7428 CVE-2013-4812 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
7429 CVE-2013-4811 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
7430 CVE-2013-4810 94 Exec Code 2013-09-16 2017-10-04
10.0
None Remote Low Not required Complete Complete Complete
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
7431 CVE-2013-4808 2013-08-17 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
7432 CVE-2013-4805 Bypass 2013-08-05 2013-08-22
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
7433 CVE-2013-4804 Exec Code +Info 2013-10-13 2013-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.
7434 CVE-2013-4800 Exec Code 2013-07-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
7435 CVE-2013-4798 Exec Code 2013-07-29 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
7436 CVE-2013-4787 310 Exec Code 2013-07-09 2013-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
7437 CVE-2013-4785 2013-07-08 2013-09-26
10.0
None Remote Low Not required Complete Complete Complete
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
7438 CVE-2013-4784 287 1 Exec Code Bypass 2013-07-08 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
7439 CVE-2013-4783 287 1 Exec Code Bypass 2013-07-08 2013-09-26
10.0
None Remote Low Not required Complete Complete Complete
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
7440 CVE-2013-4782 287 1 Exec Code Bypass 2013-07-08 2013-10-16
10.0
None Remote Low Not required Complete Complete Complete
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
7441 CVE-2013-4781 78 Exec Code 2013-07-18 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.
7442 CVE-2013-4772 287 Bypass 2014-05-12 2014-05-12
9.3
None Remote Medium Not required Complete Complete Complete
D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active.
7443 CVE-2013-4767 2013-10-09 2013-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
7444 CVE-2013-4737 264 Bypass 2014-02-15 2014-02-18
9.3
None Remote Medium Not required Complete Complete Complete
The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location.
7445 CVE-2013-4735 264 2013-06-30 2013-07-01
10.0
None Remote Low Not required Complete Complete Complete
The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network.
7446 CVE-2013-4732 255 2013-06-30 2013-07-01
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding."
7447 CVE-2013-4731 287 Exec Code 2013-06-30 2013-07-17
9.3
None Remote Medium Not required Complete Complete Complete
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.
7448 CVE-2013-4730 119 1 Exec Code Overflow 2014-05-15 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
7449 CVE-2013-4710 20 DoS 2014-03-02 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
7450 CVE-2013-4697 +Priv 2013-07-31 2013-07-31
9.0
None Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.