Skip to main content
CVE-2013-0135 HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Address Book
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.5%
CVE-2013-1801 HIGH POC PATCH This Week

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Denial Of Service RCE Httparty
NVD GitHub
CVSS 2.0
7.5
EPSS
3.0%
CVE-2013-1802 HIGH POC PATCH This Week

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Denial Of Service RCE Extlib
NVD GitHub
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-1800 HIGH POC PATCH This Week

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Denial Of Service RCE Crack
NVD GitHub
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-1291 HIGH Act Now

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 17.2% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows 8 Windows Server 2003 +3
NVD
CVSS 2.0
7.1
EPSS
17.2%
CVE-2013-0285 HIGH PATCH This Week

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Nori Gem
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-1898 HIGH This Week

lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Thumbshooter
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-2778 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Php Address Book
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2013-1292 HIGH This Week

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Race Condition Microsoft Windows 7 Windows 8 +4
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2013-0078 HIGH This Week

The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Defender
NVD
CVSS 2.0
7.2
EPSS
0.9%
CVE-2013-1295 HIGH This Week

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows Server 2003 Windows Server 2008 Windows Vista +1
NVD
CVSS 2.0
7.2
EPSS
0.8%
CVE-2013-1294 HIGH This Week

Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Microsoft Windows 7 Windows 8 +6
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy