Skip to main content
CVE-2013-3537 HIGH POC This Week

Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Todoo Forum
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-3536 HIGH POC This Week

SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Group Pay
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-3535 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.3%.

CSRF XSS Cmslogik
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
12.3%
CVE-2013-3538 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Todoo Forum
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.5%
CVE-2013-2020 MEDIUM PATCH This Month

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Ubuntu Linux Linux Enterprise Server Clamav
NVD GitHub
CVSS 2.0
5.0
EPSS
7.7%
CVE-2013-2021 MEDIUM This Month

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Ubuntu Linux Linux Enterprise Server Clamav
NVD GitHub
CVSS 2.0
4.3
EPSS
8.7%
CVE-2013-1918 MEDIUM This Month

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1919 MEDIUM This Month

Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1136 MEDIUM This Month

The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-3534 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Aicontactsafe
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1922 LOW Monitor

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-1897 LOW Monitor

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation 389 Directory Server
NVD
CVSS 2.0
2.6
EPSS
0.4%
CVE-2013-1940 LOW Monitor

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation X Org Xserver Ubuntu Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-1917 LOW Monitor

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Intel Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-1952 LOW Monitor

Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which. Rated low severity (CVSS 1.9). No vendor patch available.

Intel Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy