LiveActive security incident?Get immediate response
CVE archive

August 2013

Browse CVE records published in August 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 397 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2013-2123: The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does no...

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.

Published Aug 28, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-3077: Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and...

Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.

Published Aug 28, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-5321: Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4....

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.

Published Aug 20, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-3220: bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7...

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.

Published Aug 1, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-3453: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before...

Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.

Published Aug 22, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-3590: Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows re...

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

Published Aug 28, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-2804: The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a d...

The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.

Published Aug 28, 2013 · Updated Sep 16, 2024