Skip to main content
CVE-2013-0126 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Fios Actiontec Mi424Wr Gen31 Router Firmware Fios Actiontec Mi424Wr Gen31 Router
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-2632 MEDIUM POC This Month

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Google Chrome V8
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-0123 HIGH This Week

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Askiaweb
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-2279 HIGH This Week

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft 2010 12 0 12 1 +3
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-0674 MEDIUM This Month

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens RCE Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2013-1052 HIGH This Week

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubuntu Ubuntu Linux
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2013-0665 MEDIUM This Month

Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and. Rated medium severity (CVSS 6.2). No vendor patch available.

Privilege Escalation Acselerator Quickset
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-0675 MEDIUM This Month

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Siemens Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2013-0677 MEDIUM This Month

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-2633 MEDIUM PATCH This Month

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Matomo
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-0287 MEDIUM PATCH This Month

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Sssd
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-0124 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Askiaweb
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-0668 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Wincc Tia Portal
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0667 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Wincc Tia Portal
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0670 MEDIUM This Month

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Code Injection Wincc Tia Portal
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5757 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Rational Clearquest
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1844 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Matomo
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-1051 MEDIUM This Month

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Advanced Package Tool Apt Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-0679 MEDIUM This Month

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-0678 MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0676 MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0671 MEDIUM This Month

Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Wincc Tia Portal
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0669 MEDIUM This Month

The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Denial Of Service Wincc Tia Portal
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0672 LOW Monitor

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Wincc Tia Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-0453 LOW Monitor

Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Endpoint Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-1427 LOW Monitor

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP. Rated low severity (CVSS 1.9). No vendor patch available.

PHP Debian Authentication Bypass Lighttpd
NVD
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy