Skip to main content
CVE-2013-2186 HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
7.5
EPSS
87.1%
Threat
4.1
CVE-2012-6303 MEDIUM POC THREAT This Month

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.6%.

Buffer Overflow Denial Of Service RCE Snack Sound Toolkit Wavesurfer +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
22.6%
CVE-2013-4391 HIGH POC PATCH This Week

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Integer Overflow Systemd +1
NVD
CVSS 2.0
7.5
EPSS
3.7%
CVE-2013-3243 MEDIUM POC This Month

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SAP RCE Opentext Ixos Ecm For Sap Netweaver
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6288 CRITICAL PATCH Act Now

Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Apache Apache Solr
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2013-6014 CRITICAL Act Now

Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3,. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2013-6012 HIGH This Week

Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 2.0
8.5
EPSS
0.1%
CVE-2013-5744 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Microsoft XSS Feng Office
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-0825 MEDIUM This Month

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Drupal
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2013-2208 MEDIUM This Month

tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Tpp
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-0826 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Denial Of Service Drupal
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6018 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Taxweb
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4402 MEDIUM This Month

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnupg Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
4.7%
CVE-2013-4394 MEDIUM PATCH This Month

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the. Rated medium severity (CVSS 5.9). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Systemd Debian Linux
NVD
CVSS 2.0
5.9
EPSS
0.1%
CVE-2013-6020 MEDIUM This Month

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Taxweb
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-5430 MEDIUM This Month

The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-6285 MEDIUM This Month

The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Taxweb
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4392 MEDIUM This Month

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2013-6019 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Taxweb
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-4529 MEDIUM This Month

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Apache Information Disclosure Jboss Community Application Server Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-3704 MEDIUM This Month

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Libzypp
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6289 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Apache Solr
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4572 LOW Monitor

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Portal Platform
NVD
CVSS 2.0
3.7
EPSS
0.2%
CVE-2012-0827 LOW PATCH Monitor

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Drupal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2102 LOW Monitor

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Jboss Enterprise Portal Platform
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-4393 LOW PATCH Monitor

journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Systemd
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-1056 LOW Monitor

X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Ubuntu Linux
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy