Skip to main content
CVE-2013-4115 HIGH PATCH Act Now

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 75.1%.

Buffer Overflow Denial Of Service Opensuse Squid
NVD
CVSS 2.0
7.5
EPSS
75.1%
CVE-2013-2576 MEDIUM POC THREAT This Month

Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 44.8%.

Buffer Overflow Denial Of Service RCE Artweaver
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
44.8%
Threat
4.2
CVE-2013-2577 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 31.8%.

Buffer Overflow RCE Xnview
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
31.8%
Threat
4.3
CVE-2013-4147 HIGH POC THREAT Act Now

Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Denial Of Service RCE Yard Radius
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
10.6%
CVE-2013-4789 HIGH POC PATCH This Week

SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Cotonti Siena
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-3480 CRITICAL Act Now

Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.5% and no vendor patch available.

Buffer Overflow RCE Sagelight
NVD
CVSS 2.0
9.3
EPSS
10.5%
CVE-2013-3253 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP WordPress My Twitter
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4031 CRITICAL Act Now

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Bladecenter Flex System X220 Compute Node Flex System X240 Compute Node +27
NVD
CVSS 2.0
10.0
EPSS
2.5%
CVE-2013-4759 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.3%.

XSS Magnolia Form Module
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
10.3%
CVE-2013-3027 CRITICAL Act Now

Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE IBM Lotus Domino
NVD
CVSS 2.0
9.3
EPSS
4.4%
CVE-2013-4625 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Duplicator
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.2%
CVE-2013-0150 CRITICAL Act Now

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Path Traversal Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 2.0
9.3
EPSS
1.1%
CVE-2013-4620 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Openemr
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-3262 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Download Monitor
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4600 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Opencms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4742 HIGH This Week

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Surgeftp
NVD
CVSS 2.0
7.5
EPSS
3.7%
CVE-2013-5099 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Anchor Cms
NVD Exploit-DB
CVSS 2.0
2.6
EPSS
5.0%
CVE-2013-4943 HIGH This Week

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Comos
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-3039 HIGH This Week

Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oncell Gateway Firmware Oncell Gateway G3111 Oncell Gateway G3151 Oncell Gateway G3211 +1
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-2792 HIGH This Week

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Sel 2241 Sel 3505 Sel 3530 Sel 3530 4
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-2796 MEDIUM PATCH This Month

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Schneider Electric XXE Citectscada +2
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-4619 MEDIUM PATCH This Month

Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Openemr
NVD
CVSS 2.0
6.5
EPSS
0.0%
CVE-2013-0494 MEDIUM This Month

IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Sterling B2b Integrator
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2013-2798 MEDIUM This Month

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Sel 2241 Sel 3505 Sel 3530 Sel 3530 4
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-5100 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Static Methods
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-2117 MEDIUM This Month

Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Cgit
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5098 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Download Monitor
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3990 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Domino
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3032 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Lotus Domino
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6458 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Silverstripe
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4037 MEDIUM This Month

The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Bladecenter Flex System X220 Compute Node Flex System X240 Compute Node +27
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4038 MEDIUM This Month

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Bladecenter Flex System X220 Compute Node Flex System X240 Compute Node +27
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0492 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Informix Open Admin Tool
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3659 LOW Monitor

The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Overseas Usage
NVD
CVSS 2.0
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy