Skip to main content
CVE-2013-4172 HIGH This Week

The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Code Injection RCE Cloudforms Management Engine
NVD
CVSS 2.0
8.5
EPSS
0.7%
CVE-2013-1434 HIGH PATCH This Week

Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Cacti
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2013-1435 HIGH PATCH This Week

(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE Cacti
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-5569 HIGH This Week

SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Slideshare
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3370 MEDIUM PATCH This Month

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Privilege Escalation Rt
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-2196 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel,. Rated medium severity (CVSS 6.9).

Information Disclosure Xen
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2195 MEDIUM PATCH This Month

The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences". Rated medium severity (CVSS 6.9).

Information Disclosure Xen
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2194 MEDIUM This Month

Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Xen
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-3369 MEDIUM PATCH This Month

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Information Disclosure Rt
NVD
CVSS 2.0
6.0
EPSS
0.6%
CVE-2012-4733 MEDIUM PATCH This Month

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Authentication Bypass Rt
NVD
CVSS 2.0
6.0
EPSS
0.6%
CVE-2013-1909 MEDIUM PATCH This Month

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Apache Information Disclosure Enterprise Mrg Qpid
NVD
CVSS 2.0
5.8
EPSS
0.8%
CVE-2013-3373 MEDIUM PATCH This Month

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Rt
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-3374 MEDIUM PATCH This Month

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Rt
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-3372 MEDIUM PATCH This Month

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rt
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-3371 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rt
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5570 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Js Css Optimizer
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3368 LOW PATCH Monitor

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name. Rated low severity (CVSS 3.3).

Information Disclosure Rt
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2013-5587 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Rt
NVD
CVSS 2.0
2.6
EPSS
0.4%
CVE-2012-6583 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Imagemenu
NVD
CVSS 2.0
2.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy