Skip to main content
CVE-2013-6877 CRITICAL POC THREAT Emergency

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 35.0%.

Buffer Overflow Microsoft RCE Realplayer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
35.0%
Threat
4.4
CVE-2013-4776 HIGH POC THREAT Act Now

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.0%.

Denial Of Service Netgear Prosafe Firmware Prosafe Gs748T Prosafe Gs510Tp +2
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
38.0%
Threat
4.2
CVE-2013-7136 CRITICAL POC THREAT Emergency

The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.5%.

Information Disclosure Cisco Ireland Cisco Epc2425
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
15.5%
CVE-2013-5946 CRITICAL POC Act Now

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dsr 500 Firmware Dsr 500 Dsr 150N Firmware +12
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
6.3%
CVE-2013-4775 HIGH POC THREAT Act Now

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

Information Disclosure Netgear Prosafe Firmware Prosafe Gs725Ts Prosafe Gs728Tps +8
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
11.6%
CVE-2013-7086 HIGH POC This Week

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Webbynode
NVD GitHub
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-7004 HIGH POC This Week

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dsr 500 Firmware Dsr 500 Dsr 150N Firmware +12
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
0.3%
CVE-2013-6824 HIGH POC PATCH This Week

Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Zabbix
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-6976 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cisco Epc3925
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-7100 MEDIUM POC PATCH This Month

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Asterisk Asterisk Digiumphones Certified Asterisk
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2013-7112 MEDIUM POC PATCH This Month

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-7113 MEDIUM POC PATCH This Month

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-7005 MEDIUM POC This Month

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dsr 150 Firmware Dsr 150 Dsr 250 Firmware +12
NVD Exploit-DB
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-6836 MEDIUM POC This Month

Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Gnumeric
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2013-6837 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Prettyphoto
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-7067 MEDIUM PATCH This Month

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Og Features
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-7114 MEDIUM PATCH This Month

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-5426 MEDIUM This Month

Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product. Rated medium severity (CVSS 4.9). No vendor patch available.

IBM Authentication Bypass Infosphere Master Data Management Collaboration Server Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5462 MEDIUM This Month

IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Content Navigator
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6717 MEDIUM This Month

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2 Db2 Connect Db2 Purescale Feature 9 8
NVD
CVSS 2.0
4.0
EPSS
1.7%
CVE-2013-5422 MEDIUM This Month

The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Rational Clearcase
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6178 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Archer Egrc
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5452 LOW Monitor

IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure XXE IBM Filenet Business Process Framework
NVD
CVSS 2.0
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy