Skip to main content
CVE-2013-7260 HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.3%.

Buffer Overflow Microsoft RCE Realplayer
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
79.3%
Threat
5.4
CVE-2013-7240 MEDIUM POC THREAT This Month

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 41.5%.

WordPress PHP Path Traversal Advanced Dewplayer
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
41.5%
CVE-2013-6992 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mozilla WordPress XSS PHP +1
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6991 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Wp Cron Dashboard
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6993 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Ad Minister
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0791 MEDIUM This Month

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Freerdp
NVD GitHub
CVSS 2.0
6.8
EPSS
1.5%
CVE-2013-7256 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Opsview
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-7255 MEDIUM This Month

Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Opsview
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6953 MEDIUM This Month

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Blogengine Net
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2119 MEDIUM PATCH This Month

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config". Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Passenger Openshift
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-7258 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Web2Ldap
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7257 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Codiad
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7254 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opsview
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy