Skip to main content
CVE-2013-4900 MEDIUM POC THREAT This Month

Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

Path Traversal Twilight Cms
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
22.2%
CVE-2013-5716 MEDIUM POC This Month

Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Gom Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.3%
CVE-2013-5715 CRITICAL PATCH Act Now

Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Gom Player
NVD
CVSS 2.0
10.0
EPSS
0.3%
CVE-2013-2803 CRITICAL Act Now

ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Radiolinx Controlscape
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2013-5714 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Videowhisper Live Streaming Integration
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4899 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Twilight Cms
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-2793 HIGH This Week

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Net Communication Protocol Components Ansi C Source Code Libraries Scada Data Gateway
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2013-2791 HIGH This Week

MatrikonOPC SCADA DNP3 OPC Server 1.2.0 allows remote attackers to cause a denial of service (master-station daemon crash) via a malformed DNP3 TCP packet from the IP address of an outstation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Scada Dnp3 Opc Server
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-4062 MEDIUM This Month

IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Rational Policy Tester
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5642 MEDIUM PATCH This Month

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Asterisk Asterisk Digiumphones Certified Asterisk
NVD
CVSS 2.0
5.0
EPSS
5.1%
CVE-2013-5641 MEDIUM PATCH This Month

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 2.0
5.0
EPSS
4.1%
CVE-2013-2794 MEDIUM This Month

Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ansi C Source Code Libraries Net Communication Protocol Components Scada Data Gateway
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-2992 MEDIUM This Month

The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2013-4061 MEDIUM This Month

IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Rational Policy Tester
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-3031 LOW Monitor

A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service IBM Soliddb
NVD
CVSS 2.0
3.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy