Skip to main content
CVE-2013-4858 MEDIUM POC THREAT This Month

Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 23.4%.

Denial Of Service Microsoft Windows Movie Maker
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
23.4%
CVE-2013-7233 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP WordPress
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-7209 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Jforum
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5220 MEDIUM POC This Month

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hotbox Router Firmware Hotbox Router
NVD Exploit-DB
CVSS 2.0
6.1
EPSS
0.7%
CVE-2013-5038 MEDIUM POC This Month

The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hotbox Router Firmware Hotbox Router
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
0.8%
CVE-2013-5039 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 5.4). Public exploit code available and no vendor patch available.

CSRF Hotbox Router Firmware Hotbox Router
NVD Exploit-DB
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-5219 LOW POC Monitor

Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hotbox Router Firmware Hotbox Router
NVD Exploit-DB
CVSS 2.0
3.3
EPSS
1.5%
CVE-2013-7232 HIGH This Week

SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Arcgis Server
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-5037 LOW POC Monitor

The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hotbox Router Firmware Hotbox Router
NVD Exploit-DB
CVSS 2.0
3.3
EPSS
0.7%
CVE-2013-5218 LOW POC Monitor

Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not. Rated low severity (CVSS 2.9). Public exploit code available and no vendor patch available.

XSS Hotbox Router Firmware Hotbox Router
NVD Exploit-DB
CVSS 2.0
2.9
EPSS
0.8%
CVE-2013-5210 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Aos Netvanta 7060 Netvanta 7100
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-7231 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5222 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy