Skip to main content
CVE-2013-7091 MEDIUM POC THREAT This Month

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.4%.

Path Traversal RCE Zimbra Collaboration Suite
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
92.4%
Threat
5.3
CVE-2012-6151 MEDIUM POC THREAT This Month

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.4%.

Denial Of Service Mac Os X Ubuntu Linux Net Snmp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
27.4%
CVE-2013-7092 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Gateway
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-6809 MEDIUM POC This Month

Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Tftpd32
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-5676 MEDIUM POC This Month

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jenkins Jenkins Plugin
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
5.3%
CVE-2013-7050 MEDIUM PATCH This Month

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Devscripts
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-6400 MEDIUM This Month

Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Intel Denial Of Service Xen
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5394 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7038 MEDIUM This Month

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libmicrohttpd
NVD
CVSS 2.0
6.4
EPSS
0.9%
CVE-2013-7039 MEDIUM This Month

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Libmicrohttpd
NVD
CVSS 2.0
5.1
EPSS
2.4%
CVE-2013-6048 MEDIUM PATCH This Month

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Munin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-7093 MEDIUM This Month

SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Network Interface Router
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6359 MEDIUM PATCH This Month

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Munin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4568 MEDIUM This Month

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6005 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Dezie
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4567 MEDIUM This Month

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4569 MEDIUM This Month

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6957 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Idp250 Idp75 Idp800 +1
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy