Skip to main content
CVE-2013-6955 CRITICAL POC THREAT Emergency

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.3%.

Privilege Escalation Synology RCE Diskstation Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.3%
Threat
6.0
CVE-2013-6462 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Buffer Overflow Denial Of Service RCE Libxfont
NVD
CVSS 2.0
9.3
EPSS
12.0%
CVE-2013-7283 CRITICAL POC PATCH Act Now

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Red Hat Information Disclosure Race Condition Libreswan
NVD GitHub
CVSS 2.0
9.3
EPSS
0.3%
CVE-2013-7139 HIGH POC This Week

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Horizon Quick Content Management System
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-6923 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Blackarmor Nas 220 Firmware Blackarmor Nas 220
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.4%
CVE-2013-7138 MEDIUM POC This Month

Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Horizon Quick Content Management System
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-4353 MEDIUM This Month

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.5% and no vendor patch available.

OpenSSL Denial Of Service
NVD
CVSS 2.0
4.3
EPSS
22.5%
CVE-2013-7174 HIGH This Week

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Path Traversal Qts
NVD
CVSS 2.0
7.8
EPSS
1.4%
CVE-2014-0752 HIGH PATCH This Week

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Integraxor
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-5359 HIGH This Week

Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Picasa
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-5357 HIGH This Week

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Picasa
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-5349 HIGH This Week

Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Picasa
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-5358 HIGH This Week

Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Google Picasa
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-6997 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy