Skip to main content
CVE-2013-7102 MEDIUM POC THREAT This Month

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 63.3%.

WordPress PHP File Upload RCE Optimizepress
NVD
CVSS 2.0
6.8
EPSS
63.3%
Threat
4.8
CVE-2013-6449 MEDIUM This Month

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 47.0% and no vendor patch available.

OpenSSL Denial Of Service
NVD
CVSS 2.0
4.3
EPSS
47.0%
CVE-2013-6890 MEDIUM POC THREAT This Month

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Authentication Bypass Debian Linux Fedora Denyhosts
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.0%
CVE-2013-4405 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Red Hat Enterprise Mrg
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-7075 MEDIUM PATCH This Month

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Deserialization Typo3
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-4404 MEDIUM This Month

cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Mrg
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-4549 MEDIUM This Month

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qt
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2013-7079 MEDIUM PATCH This Month

Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Typo3
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-7080 MEDIUM PATCH This Month

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Typo3
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6979 MEDIUM This Month

The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Authentication Bypass Ios Xe
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2013-2629 MEDIUM This Month

Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Leed
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-7081 MEDIUM PATCH This Month

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Typo3
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-7049 MEDIUM This Month

Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Microsoft Znc Msvc
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2013-5973 MEDIUM This Month

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation VMware Esx ESXi
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-4414 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Enterprise Mrg
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4424 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Jboss Enterprise Portal Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7073 MEDIUM PATCH This Month

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Typo3
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-6422 MEDIUM This Month

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Debian Linux Ubuntu Linux Libcurl
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy