Skip to main content
CVE-2013-4983 CRITICAL POC THREAT Emergency

The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

PHP Command Injection Web Appliance Firmware
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
92.7%
Threat
6.3
CVE-2013-3934 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 43.6%.

Buffer Overflow Microsoft RCE Office 2012 Writer 2012
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
43.6%
Threat
4.7
CVE-2013-4984 HIGH POC Act Now

The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Web Appliance
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
7.8%
CVE-2013-5673 HIGH POC This Week

SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Testimonial Plugin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.0%
CVE-2013-5672 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP WordPress XSS Testimonial Plugin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.7%
CVE-2013-4243 MEDIUM PATCH This Month

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.7%.

Buffer Overflow Denial Of Service RCE Libtiff Debian Linux
NVD
CVSS 2.0
6.8
EPSS
18.7%
CVE-2013-3658 CRITICAL Act Now

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Path Traversal Esx ESXi
NVD
CVSS 2.0
9.4
EPSS
0.6%
CVE-2013-4298 MEDIUM POC This Month

The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Imagemagick
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-3657 HIGH This Week

Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service RCE Esx +1
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2013-4232 MEDIUM PATCH This Month

Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Libtiff Debian Linux
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-4169 MEDIUM PATCH This Month

GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. Rated medium severity (CVSS 6.9).

Information Disclosure Gnome Display Manager
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-4283 MEDIUM PATCH This Month

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service 389 Directory Server
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-5700 MEDIUM This Month

The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bitcoin Qt Bitcoin Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4703 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft XSS Office
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy