Skip to main content
CVE-2013-5647 HIGH POC PATCH This Week

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Sounder
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2013-3466 CRITICAL Act Now

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Secure Access Control Server
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-5588 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Cacti Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5645 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Webmail
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3468 HIGH This Week

The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Ip Phone 8945 Unified Ip Phone Firmware
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2013-5209 HIGH PATCH This Week

The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Freebsd
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2013-5589 HIGH PATCH This Week

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Debian Linux Cacti Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-5646 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Webmail
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5648 MEDIUM PATCH This Month

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Path Traversal Id Software Libdigidoc
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-3472 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Communications Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3471 MEDIUM This Month

The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4003 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tririga Application Platform
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy