Skip to main content
CVE-2013-0625 CRITICAL POC KEV THREAT Emergency

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Authentication Bypass RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
78.1%
Threat
7.3
CVE-2013-0629 HIGH POC KEV THREAT Act Now

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
84.0%
Threat
7.0
CVE-2013-0631 HIGH KEV THREAT Act Now

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 83.3%.

Adobe Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
83.3%
Threat
5.5
CVE-2013-0006 HIGH Act Now

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.3% and no vendor patch available.

Microsoft RCE Xml Core Services Windows 7 Windows 8 +12
NVD
CVSS 3.1
8.8
EPSS
68.3%
CVE-2013-0003 CRITICAL Emergency

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 61.3% and no vendor patch available.

Buffer Overflow Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
61.3%
CVE-2013-0002 CRITICAL Emergency

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 61.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
61.2%
CVE-2013-0005 HIGH Act Now

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 65.3% and no vendor patch available.

Denial Of Service Microsoft Net Framework Management Odata Iis Extension
NVD
CVSS 2.0
7.8
EPSS
65.3%
CVE-2013-0008 HIGH POC THREAT Act Now

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 17.6%.

Privilege Escalation Microsoft Windows Vista Windows Server 2008 Windows 7 +3
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
17.6%
CVE-2013-0011 CRITICAL Emergency

The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Windows 7 +1
NVD
CVSS 2.0
10.0
EPSS
36.3%
CVE-2013-0007 CRITICAL Act Now

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Code Injection Microsoft RCE Xml Core Services Windows 7 +13
NVD
CVSS 2.0
9.3
EPSS
24.2%
CVE-2013-0004 CRITICAL Act Now

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
8.7%
CVE-2013-0010 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.9% and no vendor patch available.

Microsoft XSS System Center Operations Manager
NVD
CVSS 2.0
4.3
EPSS
24.9%
CVE-2013-0009 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.9% and no vendor patch available.

Microsoft XSS System Center Operations Manager
NVD
CVSS 2.0
4.3
EPSS
24.9%
CVE-2013-0013 MEDIUM This Month

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Epss exploitation probability 15.8% and no vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows Rt +3
NVD
CVSS 2.0
5.8
EPSS
15.8%
CVE-2013-0001 MEDIUM This Month

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.0% and no vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 2.0
4.3
EPSS
15.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy