Skip to main content
CVE-2013-4988 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.6%.

Buffer Overflow RCE Icofx
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
80.6%
Threat
5.8
CVE-2013-7091 MEDIUM POC THREAT This Month

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.4%.

Path Traversal RCE Zimbra Collaboration Suite
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
92.4%
Threat
5.3
CVE-2012-6151 MEDIUM POC THREAT This Month

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.4%.

Denial Of Service Mac Os X Ubuntu Linux Net Snmp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
27.4%
CVE-2013-6839 HIGH POC PATCH This Week

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Instantcms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-7092 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Gateway
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-7095 CRITICAL Act Now

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Customer Relationship Management
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2013-6809 MEDIUM POC This Month

Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Tftpd32
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-5676 MEDIUM POC This Month

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jenkins Jenkins Plugin
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
5.3%
CVE-2013-7094 HIGH This Week

SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7096 HIGH This Week

Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Emr Unwired
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-6958 HIGH This Week

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Screenos Netscreen 5200 Netscreen 5400
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2013-7050 MEDIUM PATCH This Month

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Devscripts
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-6400 MEDIUM This Month

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Intel Denial Of Service Xen
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5394 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7038 MEDIUM This Month

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libmicrohttpd
NVD
CVSS 2.0
6.4
EPSS
0.9%
CVE-2013-7039 MEDIUM This Month

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Libmicrohttpd
NVD
CVSS 2.0
5.1
EPSS
2.4%
CVE-2013-6048 MEDIUM PATCH This Month

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Munin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-7093 MEDIUM This Month

SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Network Interface Router
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6359 MEDIUM PATCH This Month

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Munin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4568 MEDIUM This Month

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6005 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Dezie
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4567 MEDIUM This Month

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4569 MEDIUM This Month

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6957 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Idp250 Idp75 Idp800 +1
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6956 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Juniper XSS Ive Os
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-6394 LOW PATCH Monitor

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Xtrabackup Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0348 LOW PATCH Monitor

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Sthttpd Fedora Linux Opensuse +1
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy