Skip to main content
CVE-2013-0251 CRITICAL Act Now

Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Latd
NVD
CVSS 2.0
10.0
EPSS
8.0%
CVE-2013-0329 HIGH PATCH This Week

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

CSRF Jenkins
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-0327 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Jenkins
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-0717 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Atermwm3450Rn Atermwm3600R Atermwr8160N Atermwr8370N +2
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-0205 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Restful Web Services
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-0207 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mark Complete
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0206 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

File Upload RCE Live Css
NVD
CVSS 2.0
6.0
EPSS
1.5%
CVE-2013-0226 MEDIUM This Month

The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Keyboard Shortcut Utility
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2013-1863 MEDIUM PATCH This Month

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Samba
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2013-1856 MEDIUM PATCH This Month

The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Rails Ruby On Rails
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-0505 MEDIUM This Month

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection IBM Sterling Multi Channel Fulfillment Solution Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-1854 MEDIUM PATCH This Month

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Rails Ruby On Rails Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2013-2263 MEDIUM This Month

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Access Gateway
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1857 MEDIUM PATCH This Month

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Enterprise Linux Rails Ruby On Rails
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-0224 MEDIUM PATCH This Month

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. Rated medium severity (CVSS 4.4).

PHP RCE Video
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-1855 MEDIUM PATCH This Month

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rails Ruby On Rails Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0506 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Multi Channel Fulfillment Solution Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0328 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins XSS
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-0331 MEDIUM PATCH This Month

Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Jenkins
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-0330 MEDIUM PATCH This Month

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Jenkins
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-0225 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS User Relationships
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2013-0227 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Search Api Sorts
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy