Skip to main content
CVE-2013-5730 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2740B Firmware Dsl 2740B
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
7.1%
CVE-2013-4579 MEDIUM POC THREAT This Month

The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.3%.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
15.3%
CVE-2013-3095 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dir865L Firmware Dir865L
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-6826 MEDIUM POC This Month

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Fortinet Fortianalyzer Firmware Fortianalyzer 1000D Fortianalyzer 2000B +4
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-4591 MEDIUM POC PATCH This Month

Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or. Rated medium severity (CVSS 6.2). Public exploit code available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.0%
CVE-2013-4487 MEDIUM POC PATCH This Month

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gnutls Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5215 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Wireless Ip Camera
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4592 MEDIUM POC PATCH This Month

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain. Rated medium severity (CVSS 4.0). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-6817 MEDIUM This Month

Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service SAP RCE Network Interface Router
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-6828 MEDIUM This Month

admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail Secure
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6818 MEDIUM This Month

SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Privilege Escalation Microsoft Netweaver Logviewer
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6823 MEDIUM This Month

GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4560 MEDIUM This Month

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Lighttpd Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2013-6814 MEDIUM This Month

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6815 MEDIUM This Month

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4466 MEDIUM PATCH This Month

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-6827 MEDIUM This Month

Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Mail Secure
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6821 MEDIUM This Month

Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-6074 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6816 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5966 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Zk Framework
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4507 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Pawtucket Providence
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6819 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy