Skip to main content
CVE-2013-6852 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF HP 2620 24 Poe Switch
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-6342 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress PHP XSS Tweet Blender
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5998 HIGH This Week

Unspecified vulnerability in the Web manager implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote attackers to cause a denial of service (device hang) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service D-Link Des 3800 Firmware Des 3800
NVD
CVSS 2.0
7.8
EPSS
1.8%
CVE-2013-2811 HIGH This Week

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Catapult Dnp3 I O Driver Intelligent Platforms Proficy Dnp3 I O Driver Intelligent Platforms Proficy Hmi Scada Cimplicity Intelligent Platforms Proficy Hmi Scada Ifix
NVD
CVSS 2.0
7.1
EPSS
1.3%
CVE-2013-5997 MEDIUM This Month

Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service D-Link Des 3800 Firmware Des 3800
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6692 MEDIUM This Month

Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2013-5999 MEDIUM This Month

Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Kdrive
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-6693 MEDIUM This Month

The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS +1
NVD
CVSS 2.0
5.4
EPSS
0.4%
CVE-2013-6699 MEDIUM This Month

The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Wireless Lan Controller
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-6312 MEDIUM This Month

Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Rational Performance Tester Rational Service Tester
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-2823 MEDIUM This Month

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Catapult Dnp3 I O Driver Intelligent Platforms Proficy Dnp3 I O Driver Intelligent Platforms Proficy Hmi Scada Cimplicity Intelligent Platforms Proficy Hmi Scada Ifix
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-6694 MEDIUM This Month

The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco iOS
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-3288 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Data Protection Manager Appliance
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6698 MEDIUM This Month

The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Wireless Lan Controller
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy