CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2013-3847 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
252 CVE-2013-3845 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
253 CVE-2013-3658 22 Dir. Trav. 2013-09-10 2013-09-12
9.4
None Remote Low Not required None Complete Complete
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.
254 CVE-2013-3657 119 DoS Exec Code Overflow 2013-09-10 2013-09-13
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
255 CVE-2013-3616 79 XSS 2013-09-24 2013-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter.
256 CVE-2013-3615 255 2013-09-17 2013-09-17
7.8
None Remote Low Not required Complete None None
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
257 CVE-2013-3614 264 2013-09-17 2013-09-25
9.3
None Remote Medium Not required Complete Complete Complete
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
258 CVE-2013-3613 287 2013-09-17 2013-09-17
7.8
None Remote Low Not required Complete None None
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
259 CVE-2013-3612 255 2013-09-17 2013-09-17
10.0
None Remote Low Not required Complete Complete Complete
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
260 CVE-2013-3611 264 Bypass 2013-09-24 2013-09-24
6.0
None Remote Medium Single system Partial Partial Partial
NETELLER Direct Payment API 4.1.6 allows remote authenticated users to bypass intended payment requirements via a modified (1) amount, (2) merchant_id, (3) merch_key, or (4) secure_id parameter.
261 CVE-2013-3609 20 Bypass 2013-09-07 2017-11-14
10.0
None Remote Low Not required Complete Complete Complete
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function.
262 CVE-2013-3608 20 Exec Code 2013-09-07 2017-11-14
10.0
None Remote Low Not required Complete Complete Complete
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
263 CVE-2013-3607 119 Exec Code Overflow 2013-09-07 2017-11-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi.
264 CVE-2013-3605 352 CSRF 2013-09-06 2013-09-06
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies.
265 CVE-2013-3604 79 XSS 2013-09-06 2013-09-06
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input.
266 CVE-2013-3603 79 XSS 2013-09-06 2013-09-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
267 CVE-2013-3602 89 Exec Code Sql 2013-09-06 2013-09-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter.
268 CVE-2013-3601 264 2013-09-06 2013-09-30
6.0
None Remote Medium Single system Partial Partial Partial
Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.
269 CVE-2013-3600 20 +Priv 2013-09-06 2013-09-06
8.5
None Remote Medium Single system Complete Complete Complete
Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions.
270 CVE-2013-3599 20 +Priv 2013-09-06 2013-09-06
9.3
None Remote Medium Not required Complete Complete Complete
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html.
271 CVE-2013-3596 264 +Info 2013-09-08 2013-09-11
4.0
None Remote Low Single system Partial None None
AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter.
272 CVE-2013-3589 79 XSS 2013-09-24 2013-09-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
273 CVE-2013-3479 352 CSRF 2013-09-04 2013-09-26
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
274 CVE-2013-3473 287 2013-09-20 2013-09-23
7.8
None Remote Low Not required Complete None None
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.
275 CVE-2013-3469 200 +Info 2013-09-03 2016-11-04
5.0
None Remote Low Not required Partial None None
Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794.
276 CVE-2013-3458 119 DoS Overflow 2013-09-07 2013-09-18
7.1
None Remote Medium Not required None None Complete
Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462.
277 CVE-2013-3446 20 2013-09-12 2013-09-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849.
278 CVE-2013-3417 287 2013-09-30 2013-10-10
5.0
None Remote Low Not required Partial None None
The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262.
279 CVE-2013-3363 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324.
280 CVE-2013-3362 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324.
281 CVE-2013-3361 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324.
282 CVE-2013-3360 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2013-09-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359.
283 CVE-2013-3359 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2013-09-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3360.
284 CVE-2013-3358 189 Exec Code Overflow 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3357.
285 CVE-2013-3357 189 Exec Code Overflow 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3358.
286 CVE-2013-3356 119 Exec Code Overflow 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3353.
287 CVE-2013-3355 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 and CVE-2013-3354.
288 CVE-2013-3354 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 and CVE-2013-3355.
289 CVE-2013-3353 119 Exec Code Overflow 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3356.
290 CVE-2013-3352 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3354 and CVE-2013-3355.
291 CVE-2013-3351 119 Exec Code Overflow 2013-09-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code via unspecified vectors.
292 CVE-2013-3278 255 +Info 2013-09-30 2013-10-02
4.9
None Local Low Not required Complete None None
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.
293 CVE-2013-3277 20 2013-09-05 2013-09-18
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
294 CVE-2013-3276 264 Bypass 2013-09-05 2013-09-26
6.0
None Remote Medium Single system Partial Partial Partial
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.
295 CVE-2013-3209 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3207.
296 CVE-2013-3208 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
297 CVE-2013-3207 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3209.
298 CVE-2013-3206 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3207, and CVE-2013-3209.
299 CVE-2013-3205 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
300 CVE-2013-3204 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Total number of vulnerabilities : 464   Page : 1 2 3 4 5 6 (This Page)7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.