Skip to main content
CVE-2013-4798 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.2%.

HP RCE Loadrunner
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.2%
Threat
6.0
CVE-2013-2370 HIGH POC THREAT Act Now

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.0%.

HP RCE Loadrunner
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.0%
Threat
5.5
CVE-2013-4800 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.4%.

HP RCE Loadrunner
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
71.4%
Threat
5.5
CVE-2013-4854 HIGH POC THREAT Act Now

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Denial Of Service Bind Suse Linux Enterprise Software Development Kit Suse Linux Dnsco Bind +8
NVD
CVSS 2.0
7.8
EPSS
51.1%
Threat
4.6
CVE-2013-4799 HIGH Act Now

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 29.2% and no vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.6
EPSS
29.2%
CVE-2013-4949 MEDIUM POC This Month

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP File Upload Machform
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.9%
CVE-2013-4952 HIGH POC This Week

SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elemata Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-4953 HIGH POC This Week

SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Top Games Script
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-4948 HIGH POC This Week

SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Machform
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-4945 HIGH POC This Week

Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Service Desk Express
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-0723 CRITICAL Act Now

Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Spreadsheets 2012
NVD
CVSS 2.0
9.3
EPSS
6.0%
CVE-2013-3515 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Openx
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.0%
CVE-2013-4950 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Machform
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.7%
CVE-2013-4797 HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2013-4801 HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2013-4163 MEDIUM POC PATCH This Month

The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-4129 MEDIUM POC PATCH This Month

The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-4127 MEDIUM POC PATCH This Month

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash). Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-2369 HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.5
EPSS
5.9%
CVE-2013-4951 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Mintboard
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-4946 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Service Desk Express
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2181 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Monkey
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4954 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password". Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Pie Register
NVD Exploit-DB
CVSS 2.0
2.6
EPSS
8.4%
CVE-2013-3300 MEDIUM POC PATCH This Month

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Lift
NVD GitHub
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4947 HIGH This Week

Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sawmill
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-3033 MEDIUM This Month

SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Tivoli Remote Control
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4851 MEDIUM This Month

The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Freebsd
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-2368 MEDIUM This Month

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Loadrunner
NVD
CVSS 2.0
5.0
EPSS
2.4%
CVE-2013-3445 MEDIUM This Month

The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Identity Services Engine
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2013-4162 MEDIUM This Month

The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-4802 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Application Lifecycle Management
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-3580 MEDIUM This Month

The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Antivirus Mobile Security
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4940 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Moodle Yui
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4942 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Moodle Yui
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4941 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Moodle Yui
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4939 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Moodle Yui
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2244 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4938 MEDIUM This Month

The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Moodle
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-2246 MEDIUM This Month

mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2243 MEDIUM This Month

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2245 MEDIUM This Month

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2242 MEDIUM This Month

mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4944 LOW Monitor

Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Buddypress Extended Frienship Request
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2013-4140 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Tinybox
NVD
CVSS 2.0
2.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy