Skip to main content
CVE-2013-4986 MEDIUM POC This Month

Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Pdfcool Studio
NVD
CVSS 2.0
6.8
EPSS
8.0%
CVE-2013-2222 MEDIUM POC PATCH This Month

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Zrtpcpp
NVD GitHub
CVSS 2.0
6.8
EPSS
3.5%
CVE-2013-3540 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Airlive Od 2025Hd Airlive Od 2060Hd Airlive Poe100Hd Airlive Poe200Hd +2
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-2223 MEDIUM POC PATCH This Month

GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Zrtpcpp
NVD GitHub
CVSS 2.0
5.8
EPSS
4.1%
CVE-2013-4788 MEDIUM POC This Month

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Glibc Eglibc
NVD Exploit-DB
CVSS 2.0
5.1
EPSS
7.6%
CVE-2013-5091 MEDIUM POC PATCH This Month

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Vtiger Crm
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-4330 MEDIUM PATCH This Month

{}" in a CamelFileName. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.0%.

Code Injection Apache RCE Camel
NVD
CVSS 2.0
6.8
EPSS
18.0%
CVE-2013-4249 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python XSS Django
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-4758 MEDIUM PATCH This Month

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Elastic RCE Rsyslog
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-5419 MEDIUM This Month

Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow IBM Aix
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5163 MEDIUM This Month

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2013-6044 MEDIUM PATCH This Month

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Django
NVD GitHub
CVSS 2.0
4.3
EPSS
4.1%
CVE-2013-5915 MEDIUM This Month

The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Polarssl
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4828 MEDIUM This Month

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Color Laserjet Cm4540 Color Laserjet Cm4540F Color Laserjet Cm4540Fskm +17
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4711 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Bizsearch
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy