Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
Source: MITRE
Max CVSS
9.3
EPSS Score
28.32%
Published
2013-12-20
Updated
2017-08-29

CVE-2013-7102

Public exploit
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.
Source: Red Hat, Inc.
Max CVSS
6.8
EPSS Score
20.10%
Published
2013-12-23
Updated
2013-12-24

CVE-2013-7091

Public exploit
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
Source: MITRE
Max CVSS
5.0
EPSS Score
97.34%
Published
2013-12-13
Updated
2020-06-04
ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.
Source: Debian GNU/Linux
Max CVSS
6.8
EPSS Score
6.77%
Published
2013-12-14
Updated
2014-03-06
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
Source: MITRE
Max CVSS
5.1
EPSS Score
3.89%
Published
2013-12-13
Updated
2014-02-21
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
Source: MITRE
Max CVSS
6.8
EPSS Score
7.89%
Published
2013-12-04
Updated
2014-01-04

CVE-2013-6935

Public exploit
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
Source: MITRE
Max CVSS
9.3
EPSS Score
88.31%
Published
2013-12-04
Updated
2016-12-08
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.
Source: JPCERT/CC
Max CVSS
7.6
EPSS Score
4.67%
Published
2013-12-28
Updated
2013-12-30
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.
Source: MITRE
Max CVSS
9.3
EPSS Score
75.50%
Published
2013-12-19
Updated
2016-12-31
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
Source: MITRE
Max CVSS
9.3
EPSS Score
1.85%
Published
2013-11-26
Updated
2013-11-27
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.
Source: MITRE
Max CVSS
9.0
EPSS Score
0.80%
Published
2013-11-23
Updated
2013-11-27
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.
Source: MITRE
Max CVSS
9.0
EPSS Score
0.80%
Published
2013-11-23
Updated
2013-11-25
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
Source: MITRE
Max CVSS
9.3
EPSS Score
2.67%
Published
2013-11-20
Updated
2018-12-10
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
Source: MITRE
Max CVSS
6.8
EPSS Score
3.41%
Published
2013-11-20
Updated
2018-12-10
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
Source: MITRE
Max CVSS
10.0
EPSS Score
93.80%
Published
2013-12-12
Updated
2017-09-16
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.79%
Published
2013-12-13
Updated
2017-08-29
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary.
Source: MITRE
Max CVSS
9.3
EPSS Score
9.55%
Published
2013-12-24
Updated
2013-12-26
Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.
Source: MITRE
Max CVSS
7.2
EPSS Score
1.39%
Published
2013-12-20
Updated
2014-03-06
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
Source: Mozilla Corporation
Max CVSS
10.0
EPSS Score
2.42%
Published
2013-12-11
Updated
2020-08-12
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
Source: MITRE
Max CVSS
9.3
EPSS Score
2.03%
Published
2013-11-18
Updated
2018-12-13
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
Source: Red Hat, Inc.
Max CVSS
6.8
EPSS Score
0.54%
Published
2013-12-09
Updated
2014-03-06
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Source: Red Hat, Inc.
Max CVSS
7.5
EPSS Score
94.98%
Published
2013-12-17
Updated
2018-10-30
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.64%
Published
2013-11-04
Updated
2013-11-07
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
Source: MITRE
Max CVSS
7.5
EPSS Score
0.38%
Published
2013-10-26
Updated
2013-10-28
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
Source: MITRE
Max CVSS
7.5
EPSS Score
12.84%
Published
2013-10-25
Updated
2017-09-19
879 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!