LiveActive security incident?Get immediate response
CVE archive

September 2013

Browse CVE records published in September 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 450 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2013-5706: Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allo...

Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) > (greater than) characters that are optional within a browser's HTML implementation, a different issue than CVE-2013-3603.

Published Sep 6, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-1119: Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_...

Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka Bug ID CSCuc24503.

Published Sep 6, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1646: Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 befo...

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/TestServlet, (3) a javascript: URL in a standalone-mode action to a UWA module, (4) an infostore attachment, (5) JavaScript code in a contact image, (6) an RSS feed, or (7) a signature.

Published Sep 5, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-5698: Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 be...

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.

Published Sep 5, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-5679: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Sec...

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.

Published Sep 30, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1648: The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 befor...

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.

Published Sep 5, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-5740: Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules...

Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.

Published Sep 12, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-1115: Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N bef...

Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109.

Published Sep 6, 2013 · Updated Sep 16, 2024