Skip to main content
CVE-2013-3631 MEDIUM POC THREAT This Month

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 49.4%.

PHP Code Injection RCE Nas4Free
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
49.4%
Threat
4.2
CVE-2013-3617 LOW POC THREAT Monitor

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 56.7%.

Privilege Escalation XXE Openbravo Erp
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
56.7%
CVE-2013-6023 HIGH POC THREAT Act Now

Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Path Traversal Dvr Dvr Firmware
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
18.1%
CVE-2013-2065 MEDIUM POC This Month

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Opensuse Ruby
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2013-6345 CRITICAL Act Now

Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenworks Configuration Management
NVD
CVSS 2.0
10.0
EPSS
0.2%
CVE-2013-4282 MEDIUM POC This Month

Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Spice Enterprise Virtualization Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2013-6348 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache XSS Struts
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2013-4401 HIGH PATCH This Week

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Privilege Escalation Libvirt
NVD
CVSS 2.0
8.5
EPSS
1.5%
CVE-2013-6349 HIGH This Week

McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Email Gateway
NVD
CVSS 2.0
8.5
EPSS
0.7%
CVE-2013-2652 MEDIUM POC This Month

CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Webcollab
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4477 LOW POC PATCH Monitor

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to. Rated low severity (CVSS 3.3). Public exploit code available.

Privilege Escalation Grizzly Havana
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2013-6347 MEDIUM This Month

Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Zenworks Configuration Management
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2013-6346 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Zenworks Configuration Management
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-4457 MEDIUM PATCH This Month

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Cocaine
NVD GitHub
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-1084 MEDIUM This Month

Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zenworks Configuration Management
NVD
CVSS 2.0
5.0
EPSS
4.7%
CVE-2013-4469 LOW POC PATCH Monitor

OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service. Rated low severity (CVSS 1.9). Public exploit code available.

Denial Of Service Folsom Grizzly Havana
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4494 MEDIUM This Month

Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of. Rated medium severity (CVSS 5.2). No vendor patch available.

Denial Of Service Xen Debian Linux
NVD
CVSS 2.0
5.2
EPSS
0.3%
CVE-2013-4416 MEDIUM This Month

The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. Rated medium severity (CVSS 5.2). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
5.2
EPSS
0.3%
CVE-2013-6076 MEDIUM PATCH This Month

strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Strongswan
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6075 MEDIUM PATCH This Month

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Strongswan
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6344 MEDIUM This Month

The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Zenworks Configuration Management
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6111 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XSS Mod Pagespeed
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3285 LOW Monitor

The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Networker
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3287 LOW Monitor

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Emc Unisphere
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy