Skip to main content
CVE-2013-6932 HIGH Act Now

Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 15.0% and no vendor patch available.

Buffer Overflow RCE Irfanview
NVD
CVSS 2.0
7.6
EPSS
15.0%
CVE-2013-6808 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Zendto
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-7149 HIGH This Week

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Openx Revive Adserver
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-6182 HIGH This Week

Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Replication Manager
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-6886 HIGH This Week

RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Realvnc
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-6929 MEDIUM This Month

SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-6981 MEDIUM This Month

Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 2.0
5.4
EPSS
2.8%
CVE-2013-6006 MEDIUM This Month

Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-6812 MEDIUM This Month

The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Onedc
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2013-1096 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Identity Manager Roles Based Provisioning Module
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-6181 LOW Monitor

EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watch4Net
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy