Skip to main content
CVE-2013-4615 MEDIUM POC THREAT This Month

The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 63.3%.

Denial Of Service Authentication Bypass Mg3100 Printer Mg5300 Printer Mg6100 Printer +6
NVD GitHub
CVSS 2.0
5.0
EPSS
63.3%
Threat
4.4
CVE-2013-2173 MEDIUM POC This Month

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP Denial Of Service
NVD GitHub
CVSS 2.0
4.3
EPSS
1.7%
CVE-2013-3035 HIGH This Week

The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Aix Vios
NVD
CVSS 2.0
7.1
EPSS
6.7%
CVE-2013-3379 HIGH This Week

The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Telepresence Tc Software
NVD
CVSS 2.0
8.3
EPSS
0.2%
CVE-2013-3378 HIGH This Week

Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Tc Software Telepresence Te Software
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-3377 HIGH This Week

Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Tc Software Ip Video Phone E20 Telepresence Codec C40 +11
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-4614 LOW POC Monitor

English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mg3100 Printer Mg5300 Printer Mg6100 Printer Mp340 Printer +5
NVD GitHub
CVSS 2.0
2.1
EPSS
8.0%
CVE-2013-4635 MEDIUM This Month

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

PHP Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
13.1%
CVE-2013-4613 HIGH This Week

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mg3100 Printer Mg5300 Printer Mg6100 Printer Mp340 Printer +5
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-0536 HIGH This Week

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Lotus Inotes Lotus Notes Lotus Notes Traveler
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-3250 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wp Maintenance Mode Plugin
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2110 MEDIUM This Month

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Buffer Overflow Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
8.5%
CVE-2013-2960 MEDIUM This Month

Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
5.0
EPSS
2.9%
CVE-2013-0551 MEDIUM This Month

The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-0529 MEDIUM This Month

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling Connect Direct User Interface
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-6572 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Inf08
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0548 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4636 MEDIUM This Month

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP Denial Of Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2961 MEDIUM This Month

The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0523 MEDIUM This Month

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle IBM Websphere Commerce
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3392 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Social
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-0527 LOW Monitor

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure IBM Sterling Connect Direct User Interface
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-0534 LOW Monitor

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Authentication Bypass Lotus Sametime Sametime
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy