Skip to main content
CVE-2013-5321 HIGH POC This Week

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-5318 HIGH POC This Week

SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ginkgocms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-5316 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Ritecms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2153 MEDIUM POC PATCH This Month

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache Authentication Bypass Xml Security For C
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-5319 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Atlassian XSS Jira
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5320 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mojoportal
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-2156 HIGH PATCH This Week

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Apache RCE Xml Security For C
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2013-2154 HIGH PATCH This Week

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Apache RCE Xml Security For C
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-2210 HIGH This Week

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache RCE Xml Security For C
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2013-5322 HIGH PATCH This Week

SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Cooluri
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-5317 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Ritecms
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.4%
CVE-2013-2161 HIGH PATCH This Week

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Folsom Grizzly Havana +1
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-4958 MEDIUM This Month

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2155 MEDIUM PATCH This Month

Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Apache Xml Security For C
NVD
CVSS 2.0
5.8
EPSS
1.6%
CVE-2013-4962 MEDIUM This Month

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2013-4762 MEDIUM This Month

Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-4955 MEDIUM This Month

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Puppet Enterprise
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-2172 MEDIUM PATCH This Month

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Java Santuario Xml Security For Java
NVD
CVSS 2.0
4.3
EPSS
5.4%
CVE-2013-4761 MEDIUM PATCH This Month

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure Puppet Puppet Enterprise
NVD
CVSS 2.0
5.1
EPSS
0.6%
CVE-2013-4130 MEDIUM PATCH This Month

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Spice Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-4967 MEDIUM This Month

Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4961 MEDIUM This Month

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Puppet Enterprise
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4964 MEDIUM This Month

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Puppet Enterprise
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4653 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Omnitouch 8400 Instant Communications Suite Omnitouch 8460 Advanced Communication Server Omnitouch 8660 My Teamwork Omnitouch 8670 Automated Delivery Message Delivery System
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5323 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Static Info Tables
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-2157 MEDIUM This Month

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Keystone
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4155 MEDIUM PATCH This Month

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Folsom Grizzly Havana +1
NVD
CVSS 2.0
4.0
EPSS
1.0%
CVE-2013-4956 LOW Monitor

Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Puppet Puppet Enterprise
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2012-6582 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Spambot
NVD
CVSS 2.0
2.6
EPSS
0.5%
CVE-2013-4959 LOW Monitor

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy