CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2013 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-6530 119 2 Exec Code Overflow 2013-01-31 2013-01-31
7.1
None Remote High ??? Complete Complete Complete
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users with the create folder permission to execute arbitrary code via a crafted request.
2 CVE-2012-6519 89 2 Exec Code Sql 2013-01-24 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
3 CVE-2012-6518 352 2 CSRF 2013-01-24 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
4 CVE-2012-6096 119 2 Exec Code Overflow 2013-01-22 2013-06-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
5 CVE-2010-5287 89 2 Exec Code Sql 2013-01-31 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.
6 CVE-2013-0928 78 1 Exec Code 2013-01-21 2015-10-13
9.3
None Remote Medium Not required Complete Complete Complete
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
7 CVE-2013-0632 200 1 Exec Code Bypass +Info 2013-01-17 2014-01-17
10.0
None Remote Low Not required Complete Complete Complete
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
8 CVE-2013-0008 264 1 +Priv 2013-01-09 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
9 CVE-2012-6529 89 1 Exec Code Sql 2013-01-31 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
10 CVE-2012-6526 89 1 Exec Code Sql 2013-01-31 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
11 CVE-2012-6525 89 1 Exec Code Sql 2013-01-31 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 CVE-2012-6524 89 1 Exec Code Sql 2013-01-31 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
13 CVE-2012-6516 89 1 Exec Code Sql 2013-01-24 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
14 CVE-2012-6509 1 Exec Code 2013-01-24 2013-01-29
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.
15 CVE-2012-6508 352 1 CSRF 2013-01-24 2013-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.
16 CVE-2012-6507 89 1 Exec Code Sql 2013-01-24 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action.
17 CVE-2012-6504 89 1 Exec Code Sql 2013-01-24 2013-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
18 CVE-2012-6434 352 1 Sql CSRF 2013-01-03 2013-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.
19 CVE-2012-6433 352 1 XSS CSRF 2013-01-03 2013-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
20 CVE-2012-6081 1 Exec Code 2013-01-03 2013-12-13
6.0
None Remote Medium ??? Partial Partial Partial
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
21 CVE-2012-5874 89 1 Exec Code Sql 2013-01-12 2013-01-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
22 CVE-2009-5134 119 1 DoS Exec Code Overflow 2013-01-18 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string. NOTE: some of these details are obtained from third party information.
23 CVE-2013-1591 189 Overflow 2013-01-31 2019-05-22
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
24 CVE-2013-1489 Exec Code Bypass 2013-01-31 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
25 CVE-2013-1462 189 DoS 2013-01-31 2015-10-08
7.8
None Remote Low Not required None None Complete
Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a " (double quote) character, a different vulnerability than CVE-2013-0230.
26 CVE-2013-1461 DoS 2013-01-31 2015-10-08
7.8
None Remote Low Not required None None Complete
The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.
27 CVE-2013-1109 352 CSRF 2013-01-17 2013-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
28 CVE-2013-1105 264 Bypass 2013-01-24 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653.
29 CVE-2013-1104 Exec Code 2013-01-24 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636.
30 CVE-2013-1103 DoS 2013-01-24 2013-02-02
7.8
None Remote Low Not required None None Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659.
31 CVE-2013-1102 DoS 2013-01-24 2013-02-02
7.8
None Remote Low Not required None None Complete
The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743.
32 CVE-2013-0968 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
33 CVE-2013-0959 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
34 CVE-2013-0958 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
35 CVE-2013-0956 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
36 CVE-2013-0955 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
37 CVE-2013-0954 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
38 CVE-2013-0953 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
39 CVE-2013-0952 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
40 CVE-2013-0951 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
41 CVE-2013-0950 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
42 CVE-2013-0949 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
43 CVE-2013-0948 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
44 CVE-2013-0930 119 Exec Code Overflow 2013-01-31 2014-05-05
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.
45 CVE-2013-0929 134 Exec Code 2013-01-21 2016-08-18
7.6
None Remote High Not required Complete Complete Complete
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.
46 CVE-2013-0843 119 DoS Overflow Mem. Corr. 2013-01-24 2013-01-30
7.5
None Remote Low Not required Partial Partial Partial
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.
47 CVE-2013-0842 2013-01-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
48 CVE-2013-0841 20 DoS 2013-01-24 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
49 CVE-2013-0840 2013-01-24 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
50 CVE-2013-0839 399 DoS 2013-01-24 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.
Total number of vulnerabilities : 227   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.