Skip to main content
CVE-2013-1296 CRITICAL Emergency

The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.0% and no vendor patch available.

Code Injection Microsoft RCE Remote Desktop Connection
NVD
CVSS 2.0
9.3
EPSS
54.0%
CVE-2013-1304 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.8% and no vendor patch available.

Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
36.8%
CVE-2013-1303 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 33.5% and no vendor patch available.

Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
33.5%
CVE-2013-1282 MEDIUM This Month

The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 45.2% and no vendor patch available.

Denial Of Service Microsoft Active Directory Active Directory Application Mode Active Directory Lightweight Directory Service +1
NVD
CVSS 2.0
5.0
EPSS
45.2%
CVE-2013-1289 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 45.0% and no vendor patch available.

Microsoft XSS Groove Server Infopath Office Web Apps +2
NVD
CVSS 2.0
4.3
EPSS
45.0%
CVE-2013-0135 HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Address Book
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.5%
CVE-2013-1801 HIGH POC PATCH This Week

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Denial Of Service RCE Httparty
NVD GitHub
CVSS 2.0
7.5
EPSS
3.0%
CVE-2013-1802 HIGH POC PATCH This Week

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Denial Of Service RCE Extlib
NVD GitHub
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-1800 HIGH POC PATCH This Week

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Denial Of Service RCE Crack
NVD GitHub
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-1788 MEDIUM POC This Month

poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Poppler
NVD
CVSS 2.0
6.8
EPSS
4.1%
CVE-2013-1790 MEDIUM POC This Month

poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Poppler
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2013-1291 HIGH Act Now

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 17.2% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows 8 Windows Server 2003 +3
NVD
CVSS 2.0
7.1
EPSS
17.2%
CVE-2013-1821 MEDIUM PATCH This Month

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.7%.

Denial Of Service Ruby
NVD VulDB
CVSS 2.0
5.0
EPSS
20.7%
CVE-2013-1789 MEDIUM POC This Month

splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Poppler
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2013-0285 HIGH PATCH This Week

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Nori Gem
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-1898 HIGH This Week

lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Thumbshooter
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-2778 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Php Address Book
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2013-1292 HIGH This Week

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Race Condition Microsoft Windows 7 Windows 8 +4
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2013-0078 HIGH This Week

The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Defender
NVD
CVSS 2.0
7.2
EPSS
0.9%
CVE-2013-1295 HIGH This Week

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows Server 2003 Windows Server 2008 Windows Vista +1
NVD
CVSS 2.0
7.2
EPSS
0.8%
CVE-2013-1293 MEDIUM This Month

The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2008 Windows Vista
NVD
CVSS 2.0
6.9
EPSS
0.8%
CVE-2013-1294 HIGH This Week

Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Microsoft Windows 7 Windows 8 +6
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2013-1283 MEDIUM This Month

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Race Condition Microsoft Windows 7 Windows 8 +6
NVD
CVSS 2.0
6.9
EPSS
0.6%
CVE-2012-6134 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Omniauth Oauth2
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1290 LOW Monitor

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Epss exploitation probability 13.3% and no vendor patch available.

Privilege Escalation Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 2.0
3.5
EPSS
13.3%
CVE-2013-0253 MEDIUM PATCH This Month

The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Information Disclosure Maven
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-0284 MEDIUM PATCH This Month

Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ruby Agent New Relic
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1284 MEDIUM This Month

Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Microsoft Windows 8 Windows Rt +1
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2013-0134 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface in AirDroid allows remote attackers to inject arbitrary web script or HTML via a crafted text message that is transmitted by a managed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Airdroid
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-6097 MEDIUM This Month

File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cronie
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5635 LOW Monitor

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Glusterfs Storage Management Console Storage Native Client +1
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy