CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2013-5370 Exec Code 2013-09-30 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.
102 CVE-2013-5369 94 Exec Code 2013-09-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service.
103 CVE-2013-5324 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363.
104 CVE-2013-5221 20 2013-09-24 2013-12-30
3.5
None Remote Medium Single system None Partial None
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
105 CVE-2013-5216 22 Dir. Trav. 2013-09-12 2013-09-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors.
106 CVE-2013-5200 287 +Info 2013-09-25 2013-10-15
7.5
None Remote Low Not required Partial Partial Partial
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
107 CVE-2013-5161 264 Bypass 2013-09-27 2013-10-07
4.4
None Local Medium Not required Partial Partial Partial
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.
108 CVE-2013-5160 264 Bypass 2013-09-27 2013-10-07
3.3
None Local Medium Not required Partial Partial None
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
109 CVE-2013-5159 264 Bypass +Info 2013-09-19 2013-10-22
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
110 CVE-2013-5158 264 +Info 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
111 CVE-2013-5157 264 2013-09-19 2013-10-22
5.0
None Remote Low Not required None Partial None
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
112 CVE-2013-5156 264 Bypass 2013-09-19 2013-10-22
4.3
None Remote Medium Not required Partial None None
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
113 CVE-2013-5155 20 DoS 2013-09-19 2013-10-22
7.1
None Remote Medium Not required None None Complete
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
114 CVE-2013-5154 264 Bypass 2013-09-19 2013-10-25
4.3
None Remote Medium Not required None Partial None
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
115 CVE-2013-5153 264 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
116 CVE-2013-5152 20 2013-09-19 2013-10-11
4.3
None Remote Medium Not required None Partial None
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
117 CVE-2013-5151 79 XSS 2013-09-19 2013-10-22
4.3
None Remote Medium Not required None Partial None
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
118 CVE-2013-5150 200 +Info 2013-09-19 2014-10-24
1.9
None Local Medium Not required Partial None None
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
119 CVE-2013-5149 264 +Info 2013-09-19 2013-10-25
4.3
None Remote Medium Not required Partial None None
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
120 CVE-2013-5147 362 Bypass 2013-09-19 2013-09-26
3.7
None Local High Not required Partial Partial Partial
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
121 CVE-2013-5145 264 2013-09-19 2013-10-30
6.3
None Local Medium Not required None Complete Complete
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
122 CVE-2013-5142 200 +Info 2013-09-19 2013-10-30
4.9
None Local Low Not required Complete None None
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
123 CVE-2013-5141 189 DoS 2013-09-19 2013-10-30
7.1
None Remote Medium Not required None None Complete
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
124 CVE-2013-5140 20 DoS 2013-09-19 2013-10-22
7.8
None Remote Low Not required None None Complete
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
125 CVE-2013-5139 119 DoS Exec Code Overflow 2013-09-19 2014-03-05
9.3
None Remote Medium Not required Complete Complete Complete
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
126 CVE-2013-5138 DoS 2013-09-19 2013-10-30
4.7
None Local Medium Not required None None Complete
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
127 CVE-2013-5137 264 2013-09-19 2013-10-22
2.6
None Remote High Not required None None Partial
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
128 CVE-2013-5132 189 DoS 2013-09-07 2013-09-18
5.4
None Remote High Not required None None Complete
Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame.
129 CVE-2013-5131 79 XSS 2013-09-19 2013-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
130 CVE-2013-5129 79 XSS 2013-09-19 2013-10-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
131 CVE-2013-5128 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
132 CVE-2013-5127 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
133 CVE-2013-5126 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
134 CVE-2013-5125 119 DoS Exec Code Overflow Mem. Corr. 2013-09-19 2014-01-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
135 CVE-2013-5119 287 2013-09-23 2013-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
136 CVE-2013-5118 79 XSS 2013-09-25 2013-09-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message.
137 CVE-2013-5093 94 1 Exec Code 2013-09-27 2013-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
138 CVE-2013-5035 362 2013-09-05 2013-10-08
4.9
None Remote Medium Single system Partial Partial None
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
139 CVE-2013-4984 78 +Priv 2013-09-10 2016-11-08
7.2
None Local Low Not required Complete Complete Complete
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
140 CVE-2013-4983 78 Exec Code 2013-09-10 2013-10-09
10.0
None Remote Low Not required Complete Complete Complete
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
141 CVE-2013-4900 22 1 Dir. Trav. 2013-09-09 2013-09-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
142 CVE-2013-4899 79 XSS 2013-09-09 2013-09-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page.
143 CVE-2013-4821 DoS 2013-09-23 2019-10-09
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors.
144 CVE-2013-4820 +Info 2013-09-23 2018-05-09
2.1
None Remote High Single system Partial None None
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.
145 CVE-2013-4819 +Info 2013-09-23 2018-05-09
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.
146 CVE-2013-4818 +Info 2013-09-23 2018-05-09
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.
147 CVE-2013-4817 +Info 2013-09-23 2018-05-09
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors.
148 CVE-2013-4815 79 XSS 2013-09-20 2019-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
149 CVE-2013-4814 79 XSS 2013-09-23 2019-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
150 CVE-2013-4813 94 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.
Total number of vulnerabilities : 464   Page : 1 2 3 (This Page)4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.