Skip to main content
CVE-2013-4557 HIGH POC THREAT Act Now

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.5%.

PHP Code Injection RCE Spip
NVD
CVSS 2.0
7.5
EPSS
69.5%
Threat
5.1
CVE-2013-6801 HIGH POC THREAT Act Now

Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 21.1%.

Denial Of Service Microsoft Word
NVD
CVSS 2.0
7.1
EPSS
21.1%
CVE-2013-4510 HIGH POC PATCH This Week

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Tryton
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2013-6632 CRITICAL Act Now

Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2% and no vendor patch available.

Buffer Overflow Denial Of Service Google RCE Chrome +1
NVD
CVSS 2.0
9.3
EPSS
13.2%
CVE-2013-4555 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Spip
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-3694 MEDIUM POC This Month

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Microsoft Blackberry Link
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4034 MEDIUM POC This Month

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XXE IBM Cognos Business Intelligence
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
8.7%
CVE-2013-6799 MEDIUM POC This Month

Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Apple Mac Os X
NVD Exploit-DB
CVSS 2.0
4.7
EPSS
0.6%
CVE-2013-1057 MEDIUM POC This Month

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Ubuntu Linux Maas
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-5605 HIGH PATCH This Week

Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mozilla Network Security Services
NVD
CVSS 2.0
7.5
EPSS
2.8%
CVE-2013-1741 HIGH This Week

Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Network Security Services
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-4480 HIGH PATCH This Week

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Red Hat Information Disclosure Network Satellite Satellite Satellite With Embedded Oracle +2
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-3876 HIGH This Week

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +7
NVD
CVSS 2.0
7.1
EPSS
2.0%
CVE-2013-5972 HIGH PATCH This Week

VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation VMware Workstation Player
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-2114 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

File Upload RCE Mediawiki
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-6686 MEDIUM This Month

The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco iOS
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-6689 MEDIUM This Month

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Cisco Unified Communications Manager
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-2061 LOW POC PATCH Monitor

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Oracle Openvpn Openvpn Access Server Opensuse
NVD GitHub
CVSS 2.0
2.6
EPSS
1.5%
CVE-2013-4843 MEDIUM This Month

Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Integrated Lights Out Firmware Integrated Lights Out 4
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-3406 MEDIUM This Month

The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Service Portal
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5556 MEDIUM This Month

The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Microsoft Cisco Nexus 1000V
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6688 MEDIUM This Month

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Cisco Unified Communications Manager
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2013-5606 MEDIUM This Month

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Network Security Services
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-6798 MEDIUM This Month

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Blackberry Link
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-6802 MEDIUM PATCH This Month

Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2013-1418 MEDIUM PATCH This Month

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Debian Linux Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
7.7%
CVE-2013-4551 MEDIUM This Month

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of. Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
5.7
EPSS
0.4%
CVE-2013-3030 MEDIUM This Month

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Cognos Business Intelligence
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2013-2032 MEDIUM PATCH This Month

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Mediawiki Fedora Linux
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-3407 MEDIUM This Month

The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Server Provisioner
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-5193 MEDIUM This Month

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App. Rated medium severity (CVSS 4.7). No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-2031 MEDIUM PATCH This Month

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Mozilla Google XSS Linux Mediawiki +1
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2013-4842 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Integrated Lights Out Firmware Integrated Lights Out 4
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4556 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Spip
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5417 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4204 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Google XSS Web Toolkit
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5454 MEDIUM This Month

IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4006 MEDIUM This Month

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6800 MEDIUM PATCH This Month

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Kerberos Kerberos 5
NVD GitHub
CVSS 2.0
4.0
EPSS
0.8%
CVE-2013-5425 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Virtual Enterprise
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5418 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5414 LOW Monitor

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4425 LOW Monitor

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to. Rated low severity (CVSS 1.9). No vendor patch available.

Authentication Bypass Osirix Osirix Md
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy