LiveActive security incident?Get immediate response
CVE archive

February 2013

Browse CVE records published in February 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 570 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2013-0108: An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2,...

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.

Published Feb 24, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1131: Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to...

Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182, CSCua91196, CSCud36155, and CSCua86190.

Published Feb 13, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1128: Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace befo...

Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information.

Published Feb 15, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-7447: Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as use...

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.

Published Feb 17, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-20004: A flaw was found in StarWind iSCSI target.

A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16.

Published Feb 6, 2022 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2013-10016: fanzila WebFinance save_taxes.php sql injection

A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The patch is named 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055.

Published Feb 3, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2013-10015: fanzila WebFinance save_Contract_Signer_Role.php sql injection

A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The patch is identified as abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability.

Published Feb 3, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.5

CVE-2013-10017: fanzila WebFinance save_roles.php sql injection

A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056.

Published Feb 3, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-7326: Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary we...

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php.

Published Feb 14, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-7327: The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allow...

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Published Feb 18, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-7328: Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 all...

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.

Published Feb 18, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-7130: The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compu...

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

Published Feb 6, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-7032: Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5....

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.

Published Feb 14, 2014 · Updated Aug 6, 2024