Skip to main content
CVE-2013-2160 MEDIUM POC PATCH THREAT This Month

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Denial Of Service Apache Cxf
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.3%
CVE-2013-4881 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Bigtree Cms
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-5313 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF PHP Bigtree Cms
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5312 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Phpvid
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.3%
CVE-2013-5029 MEDIUM POC PATCH This Month

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
1.7%
CVE-2013-5314 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Serendipity
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-2145 MEDIUM POC PATCH This Month

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special. Rated medium severity (CVSS 4.4). Public exploit code available.

RCE Ubuntu Linux Opensuse Module
NVD GitHub
CVSS 2.0
4.4
EPSS
0.2%
CVE-2013-4174 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Scald
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-5575 MEDIUM PATCH This Month

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Cxf Jboss Enterprise Application Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
6.4
EPSS
9.5%
CVE-2013-4852 MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Winscp Debian Linux +2
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-4206 MEDIUM PATCH This Month

Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE Putty
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1872 MEDIUM This Month

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Intel Denial Of Service RCE Mesa +3
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-2136 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Cloudstack
NVD
CVSS 2.0
4.3
EPSS
6.7%
CVE-2013-2175 MEDIUM PATCH This Month

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Enterprise Linux Load Balancer Haproxy
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-4207 MEDIUM This Month

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Putty
NVD
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy