Skip to main content
CVE-2013-2121 MEDIUM POC THREAT This Month

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 60.9%.

Code Injection RCE Openstack Foreman
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
60.9%
Threat
4.5
CVE-2013-2113 MEDIUM POC THREAT This Month

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 47.4%.

Privilege Escalation Openstack Foreman
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
47.4%
Threat
4.1
CVE-2013-2174 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Curl Libcurl +3
NVD GitHub
CVSS 2.0
6.8
EPSS
3.2%
CVE-2013-5006 MEDIUM POC This Month

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Authentication Bypass My Net N900 My Net N900C My Net N750
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.3%
CVE-2013-5020 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Minibb
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-2209 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Review Board
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4156 MEDIUM This Month

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apache Memory Corruption Openoffice
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-2189 MEDIUM PATCH This Month

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Apache Memory Corruption Openoffice
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-5003 MEDIUM This Month

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Phpmyadmin
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-2881 MEDIUM This Month

Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Chrome Debian Linux
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2013-1968 MEDIUM This Month

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux Opensuse
NVD
CVSS 2.0
5.5
EPSS
1.2%
CVE-2013-2056 MEDIUM This Month

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Satellite
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5000 MEDIUM This Month

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4999 MEDIUM This Month

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4998 MEDIUM This Month

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpmyadmin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0943 MEDIUM This Month

EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Networker
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-4674 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Encryption Management Server Pgp Universal Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4996 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phpmyadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4997 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Phpmyadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2630 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Service Desk Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4131 MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache Subversion
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2013-3425 MEDIUM This Month

The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Webex
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2219 MEDIUM This Month

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation 389 Directory Server Directory Server
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy