Skip to main content
CVE-2013-6129 HIGH POC THREAT Act Now

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email]. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.2%.

PHP Privilege Escalation Vbulletin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.2%
Threat
5.3
CVE-2013-6021 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 54.0%.

Buffer Overflow RCE Fireware
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
54.0%
Threat
5.0
CVE-2013-6026 CRITICAL POC THREAT Emergency

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Privilege Escalation D-Link Di 524Up Di 604 Di 604S +10
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2013-6027 HIGH POC This Week

Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 100
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
2.9%
CVE-2013-6025 MEDIUM POC This Month

The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XXE SAP RCE Adaptive Server Enterprise
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
8.5%
CVE-2013-4712 MEDIUM This Month

I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hdl2 A E Hdl2 Ah Hdl2 A Firmware Hdl A E +3
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2012-4112 MEDIUM This Month

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4114 MEDIUM This Month

The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-4117 MEDIUM This Month

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2013-5372 MEDIUM This Month

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Websphere Message Broker
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2012-4113 MEDIUM This Month

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Computing System
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-4116 MEDIUM This Month

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5702 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fireware Watchguard System Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5534 MEDIUM This Month

Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unity Connection
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy