2013 CVEs

6830 CVEs published in 2013. 156 critical, 269 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2013
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2013-3542 | Critical | 10.0 | 2019-12-11 | Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models w… |
| CVE-2013-3960 | Critical | 9.9 | 2020-01-24 | Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass |
| CVE-2013-10069 | Critical | 9.8 | 2025-08-05 | The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vu… |
| CVE-2013-10051 | Critical | 9.8 | 2025-08-01 | A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically… |
| CVE-2013-10048 | Critical | 9.8 | 2025-08-01 | An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)… |
| CVE-2013-10042 | Critical | 9.8 | 2025-07-31 | A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a spe… |
| CVE-2013-10040 | Critical | 9.8 | 2025-07-31 | ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoi… |
| CVE-2013-2513 | Critical | 9.8 | 2023-12-12 | The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. |
| CVE-2013-4144 | Critical | 9.8 | 2022-06-30 | There is an object injection vulnerability in swfupload plugin for wordpress. |
| CVE-2013-20004 | Critical | 9.8 | 2022-02-06 | A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker coul… |
| CVE-2013-6276 | Critical | 9.8 | 2021-08-09 | QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model wa… |
| CVE-2013-20002 | Critical | 9.8 | 2021-06-17 | Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax… |
| CVE-2013-2512 | Critical | 9.8 | 2021-01-26 | The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP pro… |
| CVE-2013-7487 | Critical | 9.8 | 2020-03-21 | On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arb… |
| CVE-2013-2018 | Critical | 9.8 | 2020-02-20 | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-6295 | Critical | 9.8 | 2020-02-18 | PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module |
| CVE-2013-3323 | Critical | 9.8 | 2020-02-18 | A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure… |
| CVE-2013-3738 | Critical | 9.8 | 2020-02-17 | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user… |
| CVE-2013-4211 | Critical | 9.8 | 2020-02-14 | A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user e… |
| CVE-2013-7287 | Critical | 9.8 | 2020-02-13 | MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. |