Skip to main content
CVE-2013-5486 CRITICAL POC THREAT Emergency

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.7%.

Command Injection Path Traversal Cisco Prime Data Center Network Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
88.7%
Threat
6.2
CVE-2013-5696 MEDIUM POC PATCH THREAT This Month

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.0%.

CSRF SQLi PHP Glpi
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
64.0%
Threat
4.8
CVE-2013-5917 HIGH POC This Week

SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Nospam Pti
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.6%
CVE-2013-5931 HIGH POC This Week

SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Real Estate Php Script
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-5932 CRITICAL Act Now

Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unified Threat Management Software
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2012-5338 MEDIUM POC This Month

Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Jforum
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-5930 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Real Estate Php Script
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5918 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Platinum Seo Plugin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5490 HIGH This Week

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XXE Cisco Prime Data Center Network Manager
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2013-5487 HIGH This Week

DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Prime Data Center Network Manager
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-4325 MEDIUM This Month

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation HP Linux Imaging And Printing Project
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5691 MEDIUM PATCH This Month

The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Freebsd
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-1431 MEDIUM PATCH This Month

The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Telepathy Gabble
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5119 MEDIUM This Month

Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Zimbra Collaboration Suite
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-1443 MEDIUM PATCH This Month

The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Denial Of Service Authentication Bypass Django
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4294 MEDIUM PATCH This Month

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-4818 MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Smart Device Option Icewall File Manager Icewall Sso Agent +1
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4817 MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Sso Agent Option
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-5502 MEDIUM This Month

The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Mediasense
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5666 MEDIUM This Month

The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-2624 MEDIUM This Month

Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Hotscan
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-4814 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Xp 9000 Command View
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4821 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-5710 LOW Monitor

The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs. Rated low severity (CVSS 3.7). No vendor patch available.

Privilege Escalation Freebsd
NVD
CVSS 2.0
3.7
EPSS
0.1%
CVE-2013-4819 LOW Monitor

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Icewall Sso Agent Option
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4820 LOW Monitor

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Java HP Information Disclosure Icewall Smart Device Option Icewall Sso Agent +5
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-2217 LOW PATCH Monitor

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name. Rated low severity (CVSS 1.2).

Information Disclosure Suds Opensuse Enterprise Linux
NVD
CVSS 2.0
1.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy