Skip to main content
CVE-2013-4212 MEDIUM POC PATCH THREAT This Month

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.0%.

Code Injection Apache RCE Roller
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
87.0%
Threat
5.5
CVE-2013-6397 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.9%.

Apache Path Traversal XXE Solr
NVD
CVSS 2.0
4.3
EPSS
90.9%
Threat
5.1
CVE-2013-6414 MEDIUM POC PATCH THREAT This Month

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.8%.

Denial Of Service Rails Ruby On Rails
NVD
CVSS 2.0
5.0
EPSS
70.8%
Threat
4.6
CVE-2013-4479 MEDIUM POC PATCH This Month

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Code Injection RCE Sup
NVD GitHub
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-4478 MEDIUM POC PATCH This Month

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Code Injection RCE Sup
NVD GitHub
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6408 MEDIUM PATCH This Month

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
CVSS 2.0
6.4
EPSS
11.4%
CVE-2013-6407 MEDIUM PATCH This Month

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
CVSS 2.0
6.4
EPSS
11.4%
CVE-2013-6999 MEDIUM POC This Month

The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to. Rated medium severity (CVSS 4.0). Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-6634 MEDIUM PATCH This Month

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Chrome
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-6635 MEDIUM PATCH This Month

Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-4446 MEDIUM PATCH This Month

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE Context
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-6386 MEDIUM PATCH This Month

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

PHP Authentication Bypass Drupal
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6417 MEDIUM PATCH This Month

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Rails Ruby On Rails
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2013-6409 MEDIUM This Month

Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. Rated medium severity (CVSS 6.2). No vendor patch available.

Privilege Escalation Debian Adequate
NVD
CVSS 2.0
6.2
EPSS
0.0%
CVE-2013-6389 MEDIUM PATCH This Month

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Drupal
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6385 MEDIUM PATCH This Month

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

CSRF Code Injection RCE Drupal
NVD
CVSS 2.0
5.1
EPSS
2.5%
CVE-2013-4445 MEDIUM PATCH This Month

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Context
NVD
CVSS 2.0
4.9
EPSS
0.6%
CVE-2013-5455 MEDIUM This Month

IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Smartcloud Provisioning
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2013-4171 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Roller
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2013-6415 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails Ruby On Rails
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2013-6707 MEDIUM This Month

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-6636 MEDIUM PATCH This Month

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4491 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails Ruby On Rails
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-7001 MEDIUM This Month

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Now Sms Mms Gateway
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7000 MEDIUM This Month

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Now Sms Mms Gateway
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4492 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS I18N
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6050 MEDIUM This Month

Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Links
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6416 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy