Skip to main content
CVE-2013-6618 CRITICAL POC Act Now

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Juniper Information Disclosure Junos
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
8.6%
CVE-2013-5694 HIGH POC This Week

SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opsview
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.9%
CVE-2013-6617 CRITICAL PATCH Act Now

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Salt
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2013-4437 CRITICAL PATCH Act Now

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Salt
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2013-5688 MEDIUM POC PATCH This Month

Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Ajaxplorer
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
3.0%
CVE-2013-4436 CRITICAL PATCH Act Now

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Salt
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-5695 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Opsview
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6172 HIGH PATCH This Week

steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi RCE Webmail
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2013-4438 HIGH PATCH This Week

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Salt
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-4419 MEDIUM PATCH This Month

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary. Rated medium severity (CVSS 6.8).

Privilege Escalation Libguestfs Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3264 MEDIUM This Month

The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP Wp Ultimate Email Marketer Plugin
NVD
CVSS 2.0
6.4
EPSS
0.7%
CVE-2013-4497 MEDIUM PATCH This Month

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Havana Grizzly Folsom
NVD
CVSS 2.0
6.4
EPSS
0.1%
CVE-2013-4435 MEDIUM PATCH This Month

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Salt
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2013-6077 MEDIUM This Month

Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Citrix Xendesktop
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-4502 MEDIUM PATCH This Month

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Chrony
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-4503 MEDIUM PATCH This Month

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Chrony
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4439 MEDIUM PATCH This Month

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Salt
NVD GitHub
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-4453 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Ldap Account Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5670 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Serendipity
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4135 MEDIUM This Month

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3263 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Wp Ultimate Email Marketer Plugin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4134 MEDIUM This Month

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Openafs Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy