Skip to main content
CVE-2013-3543 HIGH POC THREAT Act Now

The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.3%.

Privilege Escalation Media Control Activex Control
NVD Exploit-DB
CVSS 2.0
8.8
EPSS
15.3%
CVE-2013-3541 HIGH POC THREAT Act Now

Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Path Traversal Airlive Wl2600Cam
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
13.0%
CVE-2013-4986 MEDIUM POC This Month

Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Pdfcool Studio
NVD
CVSS 2.0
6.8
EPSS
8.0%
CVE-2013-2221 HIGH POC PATCH This Week

Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Zrtpcpp
NVD GitHub
CVSS 2.0
7.5
EPSS
3.2%
CVE-2013-2222 MEDIUM POC PATCH This Month

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Zrtpcpp
NVD GitHub
CVSS 2.0
6.8
EPSS
3.5%
CVE-2013-3540 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Airlive Od 2025Hd Airlive Od 2060Hd Airlive Poe100Hd Airlive Poe200Hd +2
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-2223 MEDIUM POC PATCH This Month

GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Zrtpcpp
NVD GitHub
CVSS 2.0
5.8
EPSS
4.1%
CVE-2013-4788 MEDIUM POC This Month

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Glibc Eglibc
NVD Exploit-DB
CVSS 2.0
5.1
EPSS
7.6%
CVE-2013-5091 MEDIUM POC PATCH This Month

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Vtiger Crm
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-4330 MEDIUM PATCH This Month

{}" in a CamelFileName. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.0%.

Code Injection Apache RCE Camel
NVD
CVSS 2.0
6.8
EPSS
18.0%
CVE-2013-4249 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python XSS Django
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-6011 HIGH This Week

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller Firmware Netscaler Application Delivery Controller
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2013-3689 HIGH This Week

Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation 100Ap Device Firmware Fb 100Ap Md 100Ap Ob 100Ae +3
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2013-4344 HIGH This Week

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu Opensuse Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-2964 HIGH This Week

Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Tivoli Storage Manager
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-4758 MEDIUM PATCH This Month

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Elastic RCE Rsyslog
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-5419 MEDIUM This Month

Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow IBM Aix
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5163 MEDIUM This Month

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2013-6044 MEDIUM PATCH This Month

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Django
NVD GitHub
CVSS 2.0
4.3
EPSS
4.1%
CVE-2013-5915 MEDIUM This Month

The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Polarssl
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4828 MEDIUM This Month

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Color Laserjet Cm4540 Color Laserjet Cm4540F Color Laserjet Cm4540Fskm +17
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4711 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Bizsearch
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4157 LOW PATCH Monitor

Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity.

Red Hat Information Disclosure Storage Server
NVD
CVSS 2.0
3.6
EPSS
0.0%
CVE-2013-4829 LOW Monitor

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow. Rated low severity (CVSS 1.5). No vendor patch available.

Information Disclosure HP Color Laserjet Cm4540 Color Laserjet Cm4540F Color Laserjet Cm4540Fskm +17
NVD
CVSS 2.0
1.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy