Skip to main content
CVE-2013-1349 HIGH POC THREAT Act Now

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.9%.

PHP Code Injection RCE Opensis
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
70.9%
Threat
5.1
CVE-2013-6985 HIGH POC This Week

SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Webpublisher Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-7021 MEDIUM POC PATCH This Month

The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-7019 MEDIUM POC PATCH This Month

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-7012 MEDIUM POC PATCH This Month

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-7011 MEDIUM POC PATCH This Month

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-7009 MEDIUM POC PATCH This Month

The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Apple Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-7008 MEDIUM POC PATCH This Month

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-7014 MEDIUM POC PATCH This Month

Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-7022 MEDIUM POC PATCH This Month

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-7018 MEDIUM POC PATCH This Month

libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-7016 MEDIUM POC PATCH This Month

The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-7015 MEDIUM POC PATCH This Month

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-7013 MEDIUM POC PATCH This Month

The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-7023 MEDIUM POC PATCH This Month

The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-7010 MEDIUM POC PATCH This Month

Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-7024 MEDIUM POC PATCH This Month

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-7017 MEDIUM POC PATCH This Month

libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-6427 MEDIUM POC This Month

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection HP RCE Linux Imaging And Printing Project
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-7027 MEDIUM POC PATCH This Month

The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.1
EPSS
0.3%
CVE-2013-6431 MEDIUM POC PATCH This Month

The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 4.7). Public exploit code available.

Privilege Escalation Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-7026 MEDIUM POC PATCH This Month

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Race Condition Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-6432 MEDIUM POC PATCH This Month

The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-7025 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Dell Sonicwall XSS Analyzer Global Management System +1
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
3.1%
CVE-2013-6404 MEDIUM POC PATCH This Month

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation PostgreSQL Quassel Irc
NVD GitHub
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-4376 HIGH This Week

The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE X2Go Server
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-4270 LOW POC PATCH Monitor

The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 2.0
3.6
EPSS
0.0%
CVE-2013-5354 HIGH This Week

Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sharetronix
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4400 HIGH PATCH This Week

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Libvirt
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-7020 MEDIUM PATCH This Month

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Ffmpeg Debian Linux
NVD GitHub
CVSS 2.0
6.8
EPSS
1.5%
CVE-2013-1953 MEDIUM This Month

Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Autotrace
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-6180 MEDIUM This Month

EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Rsa Netwitness Nextgen Rsa Security Analytics
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5355 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Sharetronix
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6171 MEDIUM PATCH This Month

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Dovecot
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-6039 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Nagiosql
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-2930 LOW Monitor

The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
3.6
EPSS
0.0%
CVE-2013-2929 LOW Monitor

The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
3.3
EPSS
0.0%
CVE-2013-3929 LOW Monitor

Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Cms Made Simple
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy