Skip to main content
CVE-2013-0742 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.1%.

Buffer Overflow Denial Of Service RCE Pdf Fusion
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
76.1%
Threat
5.6
CVE-2013-3248 CRITICAL POC THREAT Emergency

Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 59.5%.

Information Disclosure Pdf Fusion
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
59.5%
Threat
5.1
CVE-2013-5701 HIGH POC This Week

Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Server Center
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-0692 CRITICAL Act Now

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Ose Roc 800L Remote Terminal Unit Roc 800 Remote Terminal Unit +1
NVD
CVSS 2.0
10.0
EPSS
4.1%
CVE-2013-0689 CRITICAL Act Now

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Ose Roc 800L Remote Terminal Unit Roc 800 Remote Terminal Unit +1
NVD
CVSS 2.0
10.0
EPSS
3.3%
CVE-2013-5944 CRITICAL Act Now

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Scalance X 200 Series Firmware Scalance X 200 Scalance X 200Irt
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2013-0693 CRITICAL Act Now

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ose Roc 800L Remote Terminal Unit Dl 8000 Remote Terminal Unit Roc 800 Remote Terminal Unit
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2013-0694 CRITICAL Act Now

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ose Dl 8000 Remote Terminal Unit Roc 800L Remote Terminal Unit Roc 800 Remote Terminal Unit
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2013-6010 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Comment Attachment
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3624 HIGH This Week

The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Management Suite
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-3593 HIGH This Week

Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Management Suite
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-3625 HIGH This Week

An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Management Suite
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2013-4288 HIGH PATCH This Week

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Race Condition Authentication Bypass Opensuse Polkit Ubuntu Linux +1
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-4327 MEDIUM PATCH This Month

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 6.9).

Race Condition Authentication Bypass Systemd Debian Linux Ubuntu Linux
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-4136 MEDIUM This Month

The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-4324 MEDIUM This Month

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Spice Gtk Enterprise Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-4326 MEDIUM PATCH This Month

RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Rkit Enterprise Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1066 MEDIUM PATCH This Month

language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Language Selector Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1061 MEDIUM PATCH This Month

dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Software Properties Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1064 MEDIUM PATCH This Month

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Apt Xapian Index Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1063 MEDIUM PATCH This Month

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Ubuntu Linux Usb Creator
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1065 MEDIUM PATCH This Month

backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Jockey Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1062 MEDIUM This Month

ubuntu-system-service 0.2.4 before 0.2.4.1. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubuntu Ubuntu Linux Ubuntu System Service
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-4311 MEDIUM PATCH This Month

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Libvirt Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-5519 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Wireless Lan Controller
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6009 MEDIUM This Month

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5690 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy