Skip to main content
CVE-2013-5311 HIGH POC This Week

Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpvid
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-2160 MEDIUM POC PATCH THREAT This Month

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Denial Of Service Apache Cxf
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.3%
CVE-2013-4881 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Bigtree Cms
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-5313 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF PHP Bigtree Cms
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5312 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Phpvid
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.3%
CVE-2013-3567 HIGH PATCH This Week

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Puppet Ubuntu Linux Suse Linux Enterprise Desktop Suse Linux Enterprise Server +1
NVD
CVSS 2.0
7.5
EPSS
6.5%
CVE-2013-5029 MEDIUM POC PATCH This Month

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
1.7%
CVE-2013-5314 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Serendipity
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-2145 MEDIUM POC PATCH This Month

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special. Rated medium severity (CVSS 4.4). Public exploit code available.

RCE Ubuntu Linux Opensuse Module
NVD GitHub
CVSS 2.0
4.4
EPSS
0.2%
CVE-2013-4174 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Scald
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-5575 MEDIUM PATCH This Month

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Cxf Jboss Enterprise Application Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
6.4
EPSS
9.5%
CVE-2013-4852 MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Winscp Debian Linux +2
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-4206 MEDIUM PATCH This Month

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE Putty
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1872 MEDIUM This Month

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Intel Denial Of Service RCE Mesa +3
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-5315 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available.

XSS Scald
NVD
CVSS 2.0
2.6
EPSS
0.7%
CVE-2013-2162 LOW POC Monitor

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Debian Information Disclosure Race Condition Ubuntu Ubuntu Linux
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-2136 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Cloudstack
NVD
CVSS 2.0
4.3
EPSS
6.7%
CVE-2013-2175 MEDIUM PATCH This Month

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Enterprise Linux Load Balancer Haproxy
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-4207 MEDIUM This Month

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Putty
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4236 LOW Monitor

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization
NVD
CVSS 2.0
2.7
EPSS
0.1%
CVE-2013-0167 LOW Monitor

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields.". Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Virtualization
NVD
CVSS 2.0
2.7
EPSS
0.1%
CVE-2013-4208 LOW Monitor

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Putty
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4242 LOW Monitor

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Gnupg Libgcrypt +1
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy