Skip to main content
CVE-2013-6010 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Comment Attachment
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4327 MEDIUM PATCH This Month

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 6.9).

Race Condition Authentication Bypass Systemd Debian Linux Ubuntu Linux
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2012-4136 MEDIUM This Month

The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-4324 MEDIUM This Month

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Spice Gtk Enterprise Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-4326 MEDIUM PATCH This Month

RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Rkit Enterprise Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1066 MEDIUM PATCH This Month

language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Language Selector Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1061 MEDIUM PATCH This Month

dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Software Properties Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1064 MEDIUM PATCH This Month

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Apt Xapian Index Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1063 MEDIUM PATCH This Month

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Ubuntu Linux Usb Creator
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1065 MEDIUM PATCH This Month

backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Jockey Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1062 MEDIUM This Month

ubuntu-system-service 0.2.4 before 0.2.4.1. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubuntu Ubuntu Linux Ubuntu System Service
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-4311 MEDIUM PATCH This Month

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Libvirt Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-5519 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Wireless Lan Controller
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6009 MEDIUM This Month

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy