Skip to main content
CVE-2013-4049 HIGH This Week

Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload IBM Spss Analytical Decision Management
NVD
CVSS 2.0
8.5
EPSS
2.6%
CVE-2013-4809 HIGH This Week

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Identity Driven Manager Procurve Manager
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-4182 HIGH PATCH This Week

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openstack Foreman
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-5674 HIGH PATCH This Week

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE Moodle
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-4313 HIGH PATCH This Week

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Microsoft Moodle
NVD
CVSS 2.0
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy