CVE-2013-1312
Published 2013-05-15
CVE-2013-1312: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers…
Priority P353 · critical · 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 20.64% (97.2th percentile)
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | httpd | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_apache · 9.8 · LOW
GHSA
GHSA-gcx2-xqvg-96fr: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that tri
ghsa_unreviewed·2022-05-14
CVE-2013-1312 [HIGH] CWE-416 GHSA-gcx2-xqvg-96fr: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that tri
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
Apache
Apache httpd: CVE-2018-1312
vendor_apache·CVSS 9.8
CVE-2018-1312 [LOW] Apache httpd: CVE-2018-1312
When generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
Acknowledgements: The issue was discovered by Nicolas Daniels.
Reported to security team: 2013-03-05
Issue public: 2018-03-21
Update 2.4.33 released: 2018-03-21
Affects: 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1
Severity: low
No detection rules found.
Exploit-DB
Open-Xchange Server 6 - Multiple Vulnerabilities
exploitdb·2013-03-15·CVSS 4.3
CVE-2013-1651 [MEDIUM] Open-Xchange Server 6 - Multiple Vulnerabilities
---
Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions.
Proof regarding authenticity can be obtained from the published release notes:
http://software.open-xchange.com/OX6/6.20/doc/Release_Notes_for_Public_Patch_Release_1310_6.20.7_Rev14_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1311_6.22.0_Rev13_2013-02-28.pdf
http://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Public_Patch_Release_1312_6.22.1_Rev14_2013-02-28.pdf
Product: Open-Xchange Server 6
Vendor: Open-Xchange GmbH
Internal refe
Exploit-DB
Google Chrome - Silent HTTP Authentication
exploitdb·2013-02-11
---
# Exploit Title: [Google Chrome Silent HTTP Authentication]
# Date: [2-5-2013]
# Exploit Author: [T355]
# Vendor Homepage: [http://www.google.com/chrome]
# Version: [24.0.1312.57]
# Tested on: [Tested on: Windows 7 & Mac OSX Mountain Lion]
# CVE : [n/a]
VULNERABILITY DETAILS
The latest version of Google Chrome (Tested on Version 24.0.1312.57)
fails to properly recognize HTTP Basic Authentication when injected in
various HTML tags. As a result of this behavior Chrome will not alert
the user when HTTP Basic Authentication is taking place or when
credentials are rejected. This behavior is particularly concerning
with respect to small office and home routers. Such devices are easily
brute forced using this method. Many of these devices have the
Zscaler
Zscaler found Multiple Security Vulnerabilities | 05-14-2013
blogs_zscaler·CVSS 4.3
[MEDIUM] Zscaler found Multiple Security Vulnerabilities | 05-14-2013
Bugzilla
CVE-2013-0836 v8: DoS due to improperly implemented garbage collection
bugzilla·2013-01-16·CVSS 6.8
CVE-2013-0836 [MEDIUM] CVE-2013-0836 v8: DoS due to improperly implemented garbage collection
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-0836 to
the following vulnerability:
Name: CVE-2013-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0836
Assigned: 20130107
Reference: http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=150545
Google V8 before 3.14.5.3, as used in Google Chrome before
24.0.1312.52, does not properly implement garbage collection, which
allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via crafted
JavaScript code.
Discussion:
Created v8 tracking bugs for this issue
Affects: fedora-all [bug 896273]
Bugzilla
CVE-2012-5153 v8: DoS due to crafted JavaScript code that causes out-of-bounds access to stack memory
bugzilla·2013-01-16·CVSS 7.5
CVE-2012-5153 [HIGH] CVE-2012-5153 v8: DoS due to crafted JavaScript code that causes out-of-bounds access to stack memory
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5153 to
the following vulnerability:
Name: CVE-2012-5153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153
Assigned: 20120924
Reference: http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=164565
Google V8 before 3.14.5.3, as used in Google Chrome before
24.0.1312.52, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via crafted JavaScript code
that triggers an out-of-bounds access to stack memory.
Discussion:
Created v8 tracking bugs for this issue
Affects: fedora-all [b
http://www.us-cert.gov/ncas/alerts/TA13-134A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16328
Published: 2013-05-15