Skip to main content
CVE-2013-5211 MEDIUM POC PATCH THREAT This Month

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.1%.

Denial Of Service Opensuse Ntp Linux
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
92.1%
Threat
5.3
CVE-2013-7223 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Fat Free Crm
NVD GitHub
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-7251 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Projectforge
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7225 MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Fat Free Crm
NVD GitHub
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-5385 HIGH This Week

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Z Os
NVD
CVSS 2.0
8.5
EPSS
4.7%
CVE-2013-7249 MEDIUM POC PATCH This Month

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-7222 MEDIUM POC PATCH This Month

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-7224 MEDIUM POC PATCH This Month

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fat Free Crm
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-7250 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Java XSS Projectforge
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy