Skip to main content
CVE-2013-6283 HIGH POC This Week

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Vlc Media Player
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
9.8%
CVE-2013-6128 MEDIUM POC PATCH This Month

The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Path Traversal Kingview
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
10.0%
CVE-2013-6127 MEDIUM POC This Month

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Kingview
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
4.2%
CVE-2013-4421 MEDIUM PATCH This Month

The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.9%.

Denial Of Service Dropbear Ssh
NVD
CVSS 2.0
5.0
EPSS
25.9%
CVE-2013-5530 CRITICAL Act Now

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Identity Services Engine Software
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2013-6281 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Dhtmlxspreadsheet
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2013-3280 HIGH This Week

EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rsa Authentication Agent
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-5549 HIGH This Week

Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco Ios Xr
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2013-4957 MEDIUM This Month

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Puppet Enterprise
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5424 MEDIUM This Month

IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Flex System Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-5522 MEDIUM This Month

Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Cisco iOS Catalyst 3750 X
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4434 MEDIUM PATCH This Month

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dropbear Ssh
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2013-4965 MEDIUM This Month

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-5521 MEDIUM This Month

Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Identity Services Engine Software
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-5531 MEDIUM This Month

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Identity Services Engine Software
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1067 MEDIUM This Month

Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-4465 MEDIUM This Month

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Simple Machines Forum
NVD GitHub
CVSS 2.0
4.6
EPSS
1.1%
CVE-2013-6280 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress XSS Social Sharing Toolkit Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3989 LOW Monitor

IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy