Skip to main content
CVE-2013-4782 CRITICAL POC THREAT Emergency

The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.1%.

Authentication Bypass Bmc
NVD
CVSS 2.0
10.0
EPSS
64.1%
Threat
5.4
CVE-2013-4786 HIGH POC THREAT Act Now

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.8%.

Microsoft Authentication Bypass Fujitsu M10 Firmware Intelligent Platform Management Interface
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
67.8%
Threat
5.0
CVE-2013-0235 MEDIUM POC THREAT This Month

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.4%.

WordPress SSRF
NVD
CVSS 2.0
6.4
EPSS
58.4%
Threat
4.5
CVE-2013-4784 CRITICAL Emergency

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 50.7% and no vendor patch available.

HP Authentication Bypass Integrated Lights Out Bmc
NVD
CVSS 2.0
10.0
EPSS
50.7%
CVE-2013-4783 CRITICAL Act Now

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac6 Bmc
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2013-4785 CRITICAL Act Now

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2013-1414 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Fortinet Fortios Fortigate 1000C Fortigate 100D +27
NVD Exploit-DB
CVSS 2.0
5.1
EPSS
0.4%
CVE-2013-2204 MEDIUM POC PATCH This Month

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress RCE Media
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-0237 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Plupload Fedora
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0236 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1059 HIGH This Week

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Ubuntu Linux
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2013-1613 MEDIUM This Month

SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users. Rated medium severity (CVSS 4.7), this vulnerability is low attack complexity. No vendor patch available.

SQLi Java Security Information Manager Security Information Manager Appliance
NVD
CVSS 2.0
4.7
EPSS
0.5%
CVE-2013-2202 MEDIUM This Month

WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Information Disclosure XXE
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-2203 MEDIUM This Month

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-2199 MEDIUM This Month

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Privilege Escalation SSRF
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-2201 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-2205 MEDIUM This Month

The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-1614 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java XSS Security Information Manager Security Information Manager Appliance
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2200 MEDIUM This Month

WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 2.0
4.0
EPSS
1.4%
CVE-2013-1615 LOW Monitor

The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via. Rated low severity (CVSS 2.9). No vendor patch available.

Information Disclosure Java Security Information Manager Security Information Manager Appliance
NVD
CVSS 2.0
2.9
EPSS
0.1%
CVE-2013-3272 LOW Monitor

EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Replication Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-3273 LOW Monitor

EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Rsa Authentication Manager Authentication Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy