Skip to main content
CVE-2013-0232 HIGH POC THREAT Act Now

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.2%.

PHP Information Disclosure Zoneminder
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.2%
Threat
5.3
CVE-2013-0332 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.1%.

Path Traversal Zoneminder
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
31.1%
CVE-2013-0714 CRITICAL Act Now

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Vxworks
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2013-2615 HIGH POC This Week

lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Fastreader
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-1750 CRITICAL Act Now

Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Realplayer Realplayer Sp
NVD
CVSS 2.0
9.3
EPSS
7.1%
CVE-2013-1640 CRITICAL Act Now

The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Puppet Puppet Enterprise Ubuntu Linux
NVD
CVSS 2.0
9.0
EPSS
1.9%
CVE-2013-0711 HIGH This Week

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
7.8
EPSS
1.9%
CVE-2013-1842 HIGH PATCH This Week

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Typo3
NVD
CVSS 2.0
7.5
EPSS
3.3%
CVE-2013-2617 HIGH This Week

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Curl
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2013-2616 HIGH PATCH This Week

lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Mini Magick
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-1875 HIGH This Week

command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Command Wrap
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-1655 HIGH PATCH This Week

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Puppet Puppet Enterprise
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-1653 HIGH This Week

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE Puppet Puppet Enterprise Ubuntu Linux
NVD
CVSS 2.0
7.1
EPSS
2.0%
CVE-2013-0981 HIGH This Week

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os Tvos
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-5938 HIGH This Week

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-0712 MEDIUM This Month

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-0713 MEDIUM This Month

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2013-2274 MEDIUM This Month

Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Puppet Puppet Enterprise
NVD
CVSS 2.0
6.5
EPSS
1.9%
CVE-2013-1843 MEDIUM PATCH This Month

Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect Typo3
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2013-0716 MEDIUM This Month

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-1654 MEDIUM This Month

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Puppet Enterprise Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1652 MEDIUM This Month

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Puppet Puppet Enterprise Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.4%
CVE-2013-0977 MEDIUM This Month

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Tvos
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-0715 MEDIUM This Month

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-2275 MEDIUM This Month

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Puppet Enterprise Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-1766 LOW Monitor

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2013-0978 LOW Monitor

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os Tvos
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0980 LOW Monitor

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0979 LOW Monitor

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation Apple Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy