Skip to main content
CVE-2013-5447 MEDIUM POC THREAT This Month

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.3%.

Buffer Overflow RCE IBM Forms Viewer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
68.3%
Threat
4.9
CVE-2013-6224 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6840 MEDIUM This Month

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Siemens Comos
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-6708 MEDIUM This Month

Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Cloud Portal
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-7042 MEDIUM This Month

SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse Lifecycle Management Server
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-3710 MEDIUM This Month

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Suse Lifecycle Management Server
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2012-3047 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Scientific Atlanta Dpc Epc 3208 Scientific Atlanta Dpc Epc2100 Scientific Atlanta Dpc Epc2202 +34
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy