Skip to main content
CVE-2013-1839 HIGH Act Now

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.9% and no vendor patch available.

Denial Of Service Squid
NVD
CVSS 2.0
7.8
EPSS
41.9%
CVE-2013-5962 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.6%.

WordPress PHP File Upload RCE Complete Gallery Manager Plugin
NVD Exploit-DB
CVSS 2.0
5.1
EPSS
26.6%
CVE-2013-5692 HIGH POC This Week

Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal X2Crm
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
9.3%
CVE-2013-5961 MEDIUM POC This Month

Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Lazy Seo
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
7.0%
CVE-2013-5697 HIGH POC This Week

SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apache Mod Accounting
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-4362 HIGH POC PATCH This Week

WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Davfs2
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.8%
CVE-2013-5963 MEDIUM POC This Month

Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP File Upload RCE Simple Dropbox Upload Form
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2013-2238 MEDIUM POC PATCH This Month

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Freeswitch
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2013-4316 CRITICAL PATCH Act Now

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Struts Flexcube Private Banking Mysql Enterprise Monitor +1
NVD
CVSS 2.0
10.0
EPSS
6.2%
CVE-2013-2218 MEDIUM POC PATCH THREAT This Month

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Denial Of Service Libvirt
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
10.8%
CVE-2013-5960 MEDIUM POC PATCH This Month

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Java Authentication Bypass Enterprise Security Api
NVD GitHub
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-4359 MEDIUM POC PATCH This Month

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Proftpd
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-4153 MEDIUM POC PATCH This Month

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-5651 MEDIUM POC PATCH This Month

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-4154 MEDIUM POC PATCH This Month

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libvirt
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4623 MEDIUM POC PATCH This Month

The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Polarssl
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4378 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Java XSS Javamelody
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5693 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS X2Crm
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4372 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Red Hat XSS Jboss A Mq Jboss Fuse
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4297 MEDIUM POC This Month

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-4239 MEDIUM POC This Month

The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libvirt
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-4310 MEDIUM PATCH This Month

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Apache Struts
NVD
CVSS 2.0
5.8
EPSS
8.7%
CVE-2013-4291 MEDIUM PATCH This Month

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to. Rated medium severity (CVSS 6.9).

Privilege Escalation Libvirt
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-4222 MEDIUM This Month

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keystone Fedora Ubuntu Linux Openstack
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2013-5679 LOW POC PATCH Monitor

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with. Rated low severity (CVSS 2.6). Public exploit code available.

Java Authentication Bypass Enterprise Security Api
NVD
CVSS 2.0
2.6
EPSS
0.1%
CVE-2013-0211 MEDIUM PATCH This Month

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Libarchive Ubuntu Linux Opensuse +2
NVD GitHub
CVSS 2.0
5.0
EPSS
1.2%
CVE-2013-5965 MEDIUM PATCH This Month

The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Node View Permissions
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3417 MEDIUM This Month

The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Video Surveillance Operations Manager
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4296 MEDIUM PATCH This Month

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libvirt Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.0
EPSS
3.3%
CVE-2013-5504 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4136 MEDIUM PATCH This Month

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a. Rated medium severity (CVSS 4.4).

Information Disclosure Passenger
NVD GitHub
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-5505 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4314 MEDIUM PATCH This Month

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Pyopenssl Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-2230 MEDIUM PATCH This Month

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libvirt
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-1444 LOW Monitor

A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222. Rated low severity (CVSS 3.3). No vendor patch available.

Debian Information Disclosure Txt2Man
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2013-5964 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Flag Module
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-4292 LOW Monitor

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-1442 LOW Monitor

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
1.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy