Skip to main content
CVE-2013-0232 HIGH POC THREAT Act Now

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.2%.

PHP Information Disclosure Zoneminder
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.2%
Threat
5.3
CVE-2013-2615 HIGH POC This Week

lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Fastreader
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-0711 HIGH This Week

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
7.8
EPSS
1.9%
CVE-2013-1842 HIGH PATCH This Week

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Typo3
NVD
CVSS 2.0
7.5
EPSS
3.3%
CVE-2013-2617 HIGH This Week

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Curl
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2013-2616 HIGH PATCH This Week

lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Mini Magick
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-1875 HIGH This Week

command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Command Wrap
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-1655 HIGH PATCH This Week

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Puppet Puppet Enterprise
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-1653 HIGH This Week

Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE Puppet Puppet Enterprise Ubuntu Linux
NVD
CVSS 2.0
7.1
EPSS
2.0%
CVE-2013-0981 HIGH This Week

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os Tvos
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-5938 HIGH This Week

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 2.0
7.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy