Skip to main content
CVE-2013-1616 HIGH POC THREAT Act Now

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 15.7%.

Command Injection Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD Exploit-DB
CVSS 2.0
8.3
EPSS
15.7%
CVE-2013-4652 CRITICAL Act Now

Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens RCE Scalance W700 Series Firmware Scalance W744 1 Scalance W744 1Pro +14
NVD
CVSS 2.0
10.0
EPSS
9.7%
CVE-2013-3443 CRITICAL Act Now

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Wide Area Application Services
NVD
CVSS 2.0
10.0
EPSS
7.9%
CVE-2013-3724 MEDIUM POC This Month

The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monkey
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.9%
CVE-2013-3444 CRITICAL Act Now

The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Wide Area Application Services Application And Content Networking System Software Enterprise Content Delivery Network Software +5
NVD
CVSS 2.0
9.0
EPSS
2.6%
CVE-2013-1617 HIGH This Week

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands. Rated high severity (CVSS 7.4). No vendor patch available.

SQLi Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
7.4
EPSS
1.4%
CVE-2013-4672 HIGH This Week

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-4911 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Siemens Wincc
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4651 MEDIUM This Month

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Authentication Bypass Scalance W700 Series Firmware Scalance W744 1 Scalance W744 1Pro +14
NVD
CVSS 2.0
6.6
EPSS
0.3%
CVE-2013-4673 MEDIUM This Month

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
5.8
EPSS
3.3%
CVE-2013-2994 MEDIUM This Month

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Commerce
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4671 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
6.0
EPSS
1.3%
CVE-2013-4912 MEDIUM This Month

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Open Redirect Wincc
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-2993 MEDIUM This Month

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Websphere Commerce
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-3913 MEDIUM This Month

The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Vc240 Network Bullet Camera Video Surveillance Vc220 Network Dome Camera
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4670 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-5460 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ive Os Secure Access Virtual Appliance Fips Secure Access 4000 +14
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy