CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2013-5170 119 DoS Exec Code Overflow 2013-10-24 2014-04-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
252 CVE-2013-5169 264 +Info 2013-10-24 2013-10-25
1.9
None Local Medium Not required Partial None None
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
253 CVE-2013-5168 20 2013-10-24 2013-10-24
6.8
None Remote Medium Not required Partial Partial Partial
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.
254 CVE-2013-5167 16 2013-10-24 2013-10-24
5.0
None Remote Low Not required None Partial None
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.
255 CVE-2013-5166 DoS 2013-10-24 2013-10-24
4.9
None Local Low Not required None None Complete
The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.
256 CVE-2013-5165 264 Bypass 2013-10-24 2013-10-25
6.4
None Remote Low Not required Partial Partial None
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.
257 CVE-2013-5164 362 Bypass 2013-10-24 2013-10-24
3.3
None Local Medium Not required Partial Partial None
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
258 CVE-2013-5163 287 Bypass 2013-10-04 2013-10-07
6.6
None Local Low Not required None Complete Complete
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
259 CVE-2013-5162 264 Bypass 2013-10-24 2013-10-24
2.1
None Local Low Not required Partial None None
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
260 CVE-2013-5148 264 2013-10-24 2013-10-24
7.2
None Local Low Not required Complete Complete Complete
Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation.
261 CVE-2013-5144 264 Bypass 2013-10-24 2013-10-24
3.3
None Local Medium Not required Partial Partial None
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
262 CVE-2013-5143 2013-10-24 2013-10-24
6.8
None Remote Medium Not required Partial Partial Partial
The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.
263 CVE-2013-5136 200 +Info 2013-10-24 2018-10-30
4.3
None Remote Medium Not required Partial None None
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
264 CVE-2013-5135 134 Exec Code 2013-10-24 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
265 CVE-2013-5130 200 +Info 2013-10-24 2013-10-24
5.0
None Remote Low Not required Partial None None
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files.
266 CVE-2013-5091 89 1 Exec Code Sql 2013-10-04 2018-10-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
267 CVE-2013-5030 264 Bypass 2013-10-16 2014-04-23
7.2
None Local Low Not required Complete Complete Complete
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.
268 CVE-2013-5028 89 Exec Code Sql 2013-10-11 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.
269 CVE-2013-5008 200 DoS +Info 2013-10-10 2013-10-10
4.6
None Local Low Not required Partial Partial Partial
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key.
270 CVE-2013-4986 119 Exec Code Overflow 2013-10-04 2013-10-07
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file.
271 CVE-2013-4965 287 Bypass 2013-10-25 2019-07-10
5.0
None Remote Low Not required None Partial None
Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.
272 CVE-2013-4957 94 Exec Code 2013-10-25 2019-07-10
6.8
None Remote Medium Not required Partial Partial Partial
The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.
273 CVE-2013-4885 Dir. Trav. 2013-10-26 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
274 CVE-2013-4833 79 XSS 2013-10-16 2019-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
275 CVE-2013-4832 200 +Info 2013-10-16 2019-10-09
4.0
None Remote Low ??? Partial None None
HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.
276 CVE-2013-4831 +Info 2013-10-16 2019-10-09
5.5
None Remote Low ??? Partial Partial None
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
277 CVE-2013-4830 94 Exec Code 2013-10-16 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.
278 CVE-2013-4829 200 +Info 2013-10-04 2019-10-09
1.5
None Local Medium ??? Partial None None
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.
279 CVE-2013-4828 310 +Info 2013-10-04 2019-10-09
4.3
None Remote Medium Not required Partial None None
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors.
280 CVE-2013-4827 89 Exec Code Sql 2013-10-13 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.
281 CVE-2013-4826 200 +Info 2013-10-13 2019-10-09
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.
282 CVE-2013-4825 264 Bypass 2013-10-13 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.
283 CVE-2013-4824 287 Bypass 2013-10-13 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.
284 CVE-2013-4823 +Info 2013-10-13 2019-10-09
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.
285 CVE-2013-4822 Exec Code 2013-10-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
286 CVE-2013-4804 Exec Code +Info 2013-10-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.
287 CVE-2013-4788 20 Overflow 2013-10-04 2017-07-01
5.1
None Remote High Not required Partial Partial Partial
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
288 CVE-2013-4767 2013-10-10 2013-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
289 CVE-2013-4758 399 DoS Exec Code 2013-10-04 2013-10-07
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.
290 CVE-2013-4712 399 +Info 2013-10-19 2013-10-21
6.8
None Remote Medium Not required Partial Partial Partial
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
291 CVE-2013-4711 79 XSS 2013-10-04 2013-10-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
292 CVE-2013-4708 310 Bypass 2013-10-01 2013-10-07
4.0
None Remote High Not required Partial Partial None
The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic.
293 CVE-2013-4689 352 Bypass CSRF 2013-10-17 2013-10-25
5.1
None Remote High Not required Partial Partial Partial
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
294 CVE-2013-4465 Exec Code 2013-10-25 2013-10-28
4.6
None Remote High ??? Partial Partial Partial
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
295 CVE-2013-4450 20 DoS 2013-10-21 2018-08-13
5.0
None Remote Low Not required None None Partial
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
296 CVE-2013-4434 189 2013-10-25 2018-10-30
5.0
None Remote Low Not required Partial None None
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.
297 CVE-2013-4428 264 2013-10-27 2018-11-15
3.5
None Remote Medium ??? Partial None None
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
298 CVE-2013-4422 89 Exec Code Sql 2013-10-23 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
299 CVE-2013-4421 189 DoS 2013-10-25 2018-10-30
5.0
None Remote Low Not required None None Partial
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
300 CVE-2013-4402 20 DoS 2013-10-28 2014-01-04
5.0
None Remote Low Not required None None Partial
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
Total number of vulnerabilities : 583   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.