Skip to main content
CVE-2013-6420 HIGH POC PATCH THREAT Act Now

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

Denial Of Service Buffer Overflow PHP OpenSSL RCE +2
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
40.2%
Threat
4.2
CVE-2013-6883 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Ditto Forensic Fieldstation Firmware Ditto Forensic Fieldstation
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.8%
CVE-2013-6882 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.3%.

XSS Ditto Forensic Fieldstation Firmware Ditto Forensic Fieldstation
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.3%
CVE-2013-6038 MEDIUM This Month

Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code via a crafted .SKP file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Sketchup Viewer
NVD
CVSS 2.0
6.8
EPSS
8.1%
CVE-2013-6925 HIGH This Week

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Ruggedcom Rugged Operating System
NVD
CVSS 2.0
8.3
EPSS
0.6%
CVE-2013-7129 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Blooog Theme
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6329 HIGH PATCH This Week

IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Content Manager Ondemand For Multiplatforms Global Security Kit Security Access Manager For Web
NVD
CVSS 2.0
7.8
EPSS
2.4%
CVE-2013-6926 HIGH This Week

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rugged Operating System
NVD
CVSS 2.0
8.0
EPSS
0.3%
CVE-2013-2814 HIGH This Week

Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Dnp3 Master Opc Server
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-2813 HIGH This Week

The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows remote attackers to cause a denial of service (reboot or link outage) via a crafted DNP3 TCP packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Smp 16 Gateway Data Concentrator Smp 4 Dp Gateway Data Concentrator Smp 4 Gateway Data Concentrator
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-6192 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF HP Operations Orchestration
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6966 MEDIUM This Month

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Cisco Webex Training Center
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-6193 MEDIUM This Month

Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Color Laserjet Cm1312Nfi Multifunction Printer Color Laserjet Cm2320N Multifunction Printer Color Laserjet Cp1515 +22
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-2816 MEDIUM This Month

The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Smp 16 Gateway Data Concentrator Smp 4 Dp Gateway Data Concentrator Smp 4 Gateway Data Concentrator
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-6191 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Operations Orchestration
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6733 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6327 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Connect Enterprise Http Option
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6721 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-7127 LOW Monitor

Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-7128 LOW Monitor

Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Steamos
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy