Skip to main content
CVE-2013-2578 CRITICAL POC THREAT Emergency

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Command Injection TP-Link Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
72.3%
Threat
5.7
CVE-2013-3686 CRITICAL POC THREAT Emergency

cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.6%.

Privilege Escalation Airlive Wl2600Cam
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
39.6%
Threat
4.7
CVE-2013-5528 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.5%.

Tomcat Path Traversal Cisco Unified Communications Manager
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
61.5%
Threat
4.1
CVE-2013-2579 CRITICAL POC THREAT Emergency

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

TP-Link Authentication Bypass Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
17.8%
Threat
4.0
CVE-2013-2581 HIGH POC THREAT Act Now

cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

Privilege Escalation TP-Link Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
16.5%
CVE-2013-3687 HIGH POC THREAT Act Now

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

Information Disclosure Airlive Od 2025Hd Airlive Od 2060Hd Airlive Poe100Hd Airlive Poe200Hd +2
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
10.7%
CVE-2013-2580 HIGH POC This Week

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload TP-Link Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
7.8%
CVE-2013-4203 HIGH POC PATCH This Week

The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Rgpg
NVD GitHub
CVSS 2.0
7.5
EPSS
1.4%
CVE-2013-6079 HIGH POC This Week

Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Easy Lan Folder Share
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.6%
CVE-2013-5028 MEDIUM POC This Month

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Server
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-4319 CRITICAL PATCH Act Now

pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Torque Resource Manager
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2013-4305 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3693 HIGH This Week

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Blackberry Enterprise Service
NVD
CVSS 2.0
7.9
EPSS
0.3%
CVE-2013-4388 MEDIUM This Month

Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Vlc Media Player
NVD
CVSS 2.0
6.8
EPSS
3.9%
CVE-2013-4137 HIGH PATCH This Week

Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Statusnet
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4306 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF PHP Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5533 MEDIUM This Month

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. Rated medium severity (CVSS 6.0). No vendor patch available.

Information Disclosure Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2013-5532 MEDIUM This Month

Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 +1
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-4173 MEDIUM PATCH This Month

Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Xymon
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4167 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cms Made Simple
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4255 LOW Monitor

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Condor Enterprise Mrg
NVD
CVSS 2.0
3.5
EPSS
0.7%
CVE-2013-4377 LOW PATCH Monitor

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. Rated low severity (CVSS 2.3).

Denial Of Service Qemu
NVD
CVSS 2.0
2.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy