Skip to main content
CVE-2013-6976 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cisco Epc3925
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-7100 MEDIUM POC PATCH This Month

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Asterisk Asterisk Digiumphones Certified Asterisk
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2013-7112 MEDIUM POC PATCH This Month

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-7113 MEDIUM POC PATCH This Month

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-7005 MEDIUM POC This Month

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dsr 150 Firmware Dsr 150 Dsr 250 Firmware +12
NVD Exploit-DB
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-6836 MEDIUM POC This Month

Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Gnumeric
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2013-6837 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Prettyphoto
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-7067 MEDIUM PATCH This Month

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Og Features
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-7114 MEDIUM PATCH This Month

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-5426 MEDIUM This Month

Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product. Rated medium severity (CVSS 4.9). No vendor patch available.

IBM Authentication Bypass Infosphere Master Data Management Collaboration Server Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5462 MEDIUM This Month

IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Content Navigator
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6717 MEDIUM This Month

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2 Db2 Connect Db2 Purescale Feature 9 8
NVD
CVSS 2.0
4.0
EPSS
1.7%
CVE-2013-5422 MEDIUM This Month

The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Rational Clearcase
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6178 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Archer Egrc
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy