CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2013-4249 79 XSS 2013-10-04 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.
352 CVE-2013-4237 119 DoS Exec Code Overflow 2013-10-09 2017-07-01
6.8
None Remote Medium Not required Partial Partial Partial
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
353 CVE-2013-4221 16 Exec Code 2013-10-10 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
354 CVE-2013-4210 DoS 2013-10-01 2013-10-31
5.0
None Remote Low Not required None None Partial
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.
355 CVE-2013-4203 94 Exec Code 2013-10-11 2013-10-15
7.5
None Remote Low Not required Partial Partial Partial
The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
356 CVE-2013-4185 310 DoS 2013-10-29 2018-11-15
4.0
None Remote Low ??? None None Partial
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
357 CVE-2013-4173 22 Dir. Trav. 2013-10-11 2013-10-15
5.0
None Remote Low Not required None None Partial
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.
358 CVE-2013-4167 79 XSS 2013-10-11 2013-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
359 CVE-2013-4157 59 2013-10-04 2013-10-07
3.6
None Local Low Not required None Partial Partial
Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.
360 CVE-2013-4137 89 Exec Code Sql 2013-10-11 2013-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."
361 CVE-2013-4122 189 DoS 2013-10-27 2016-12-08
4.3
None Remote Medium Not required None None Partial
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
362 CVE-2013-4067 264 2013-10-02 2017-08-29
5.8
None Remote Medium Not required Partial Partial None
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.
363 CVE-2013-4066 20 2013-10-02 2017-08-29
4.3
None Remote Medium Not required None Partial None
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface.
364 CVE-2013-4056 352 CSRF 2013-10-13 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
365 CVE-2013-4042 Exec Code 2013-10-01 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-5370.
366 CVE-2013-4032 20 DoS 2013-10-02 2017-08-29
5.0
None Remote Low Not required None None Partial
The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data.
367 CVE-2013-4027 264 Bypass 2013-10-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
368 CVE-2013-4021 File Inclusion 2013-10-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors.
369 CVE-2013-4020 Bypass 2013-10-01 2017-08-29
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
370 CVE-2013-4019 79 XSS 2013-10-01 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
371 CVE-2013-4018 +Info 2013-10-01 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
372 CVE-2013-4017 89 Exec Code Sql 2013-10-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
373 CVE-2013-4014 79 XSS 2013-10-01 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
374 CVE-2013-4013 +Info 2013-10-01 2017-08-29
5.0
None Remote Low Not required Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
375 CVE-2013-3989 310 +Info 2013-10-25 2017-08-29
3.5
None Remote Medium ??? Partial None None
IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
376 CVE-2013-3973 89 Exec Code Sql 2013-10-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
377 CVE-2013-3972 200 +Info 2013-10-01 2017-08-29
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
378 CVE-2013-3971 264 Bypass 2013-10-01 2017-08-29
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.
379 CVE-2013-3969 399 DoS Exec Code 2013-10-01 2013-10-02
6.5
None Remote Low ??? Partial Partial Partial
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
380 CVE-2013-3964 79 XSS 2013-10-01 2013-10-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
381 CVE-2013-3963 352 CSRF 2013-10-01 2013-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
382 CVE-2013-3962 79 XSS 2013-10-01 2013-10-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
383 CVE-2013-3897 399 DoS Exec Code Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
384 CVE-2013-3896 20 +Info 2013-10-09 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
385 CVE-2013-3895 264 2013-10-09 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
386 CVE-2013-3894 94 Exec Code 2013-10-09 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."
387 CVE-2013-3892 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
388 CVE-2013-3891 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
389 CVE-2013-3890 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
390 CVE-2013-3889 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
391 CVE-2013-3888 399 +Priv 2013-10-09 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
392 CVE-2013-3886 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
393 CVE-2013-3885 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3882.
394 CVE-2013-3882 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3885.
395 CVE-2013-3881 399 +Priv 2013-10-09 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
396 CVE-2013-3880 264 Bypass +Info 2013-10-09 2018-10-12
3.5
None Remote Medium ??? Partial None None
The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."
397 CVE-2013-3879 399 +Priv 2013-10-09 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
398 CVE-2013-3875 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
399 CVE-2013-3874 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
400 CVE-2013-3873 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3882, and CVE-2013-3885.
Total number of vulnerabilities : 583   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.