Skip to main content
CVE-2013-1899 MEDIUM POC THREAT This Month

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.1%.

Code Injection Denial Of Service PostgreSQL RCE Ubuntu Linux
NVD
CVSS 2.0
6.5
EPSS
81.1%
Threat
5.2
CVE-2013-0663 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Schneider Electric Modicon Quantum Plc Modicon M340 Modicon Premium
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-1903 CRITICAL Act Now

PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-1902 CRITICAL Act Now

PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-2762 CRITICAL Act Now

The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Magelis Xbt Hmi
NVD
CVSS 2.0
10.0
EPSS
0.1%
CVE-2012-4710 CRITICAL Act Now

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service XXE Wonderware Win Xml Exporter
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-0125 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS C2 Webresource
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.4%
CVE-2013-0664 HIGH This Week

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Schneider Electric RCE Modicon Quantum Plc Modicon M340 Modicon Premium
NVD
CVSS 2.0
8.5
EPSS
1.2%
CVE-2013-1900 HIGH This Week

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure PostgreSQL Ubuntu Linux
NVD
CVSS 2.0
8.5
EPSS
0.6%
CVE-2013-2763 MEDIUM This Month

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Modicon M340 Bmx Noc 0401 Firmware Modicon M340 Bmx Noe 0100 Firmware Modicon M340 Bmx Noe 0100H Firmware +9
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-0128 MEDIUM This Month

The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Tigertext
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-2761 MEDIUM This Month

The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Schneider Electric Modicon M340
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-1901 MEDIUM This Month

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2302 LOW Monitor

TransWARE Active!. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Active Mail
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy