Skip to main content
CVE-2013-6040 HIGH POC This Week

MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Aztec Activex Control Datamatrix Activex Control Maxicode Activex Control
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
7.1%
CVE-2014-1618 HIGH POC This Week

Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Cart Script
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.6%
CVE-2013-2594 HIGH POC This Week

SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Supportworks Itsm
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.2%
CVE-2014-1619 HIGH POC This Week

Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cubic Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-7219 HIGH POC This Week

SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Com Sexypolling
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-0339 MEDIUM POC This Month

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service XXE Libxml2 Ubuntu Linux +2
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-6922 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Blackarmor Nas 220 Firmware Blackarmor Nas 220
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2013-4200 MEDIUM POC PATCH This Month

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Plone
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
5.3%
CVE-2013-6872 MEDIUM POC PATCH This Month

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Collabtive
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.7%
CVE-2013-0340 MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Ipados +4
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1361 CRITICAL Act Now

Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo RCE Thinkpad Bluetooth With Enhanced Data Rate Software
NVD
CVSS 2.0
9.3
EPSS
5.4%
CVE-2013-0485 CRITICAL Act Now

Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure IBM
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2013-5986 CRITICAL Act Now

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Gpu Driver
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2012-2997 MEDIUM POC This Month

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure XXE Big Ip Configuration Utility
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
8.8%
CVE-2013-4884 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Superscan
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.6%
CVE-2014-0753 HIGH PATCH This Week

Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Stack Overflow Buffer Overflow Denial Of Service Integraxor
NVD
CVSS 2.0
7.8
EPSS
3.1%
CVE-2014-1620 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Hiox Guest Book
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5987 HIGH This Week

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Gpu Driver Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-2151 HIGH This Week

Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Microsoft Enterprise Virtualization
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-2152 HIGH This Week

Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Microsoft Enterprise Virtualization
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-6634 MEDIUM This Month

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 2.0
6.4
EPSS
0.8%
CVE-2014-1452 MEDIUM This Month

Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Freebsd
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-2104 MEDIUM PATCH This Month

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Python Keystoneclient
NVD
CVSS 2.0
5.5
EPSS
0.8%
CVE-2013-4160 MEDIUM This Month

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Little Cms Color Engine
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-1769 MEDIUM PATCH This Month

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Telepathy Gabble
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-6633 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4030 MEDIUM This Month

Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Integrated Management Module 2 Bladecenter Flex System Manager Node 7955 +28
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6305 MEDIUM This Month

IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Platform Symphony
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2012-6635 MEDIUM This Month

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2013-1923 LOW Monitor

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS. Rated low severity (CVSS 3.2). No vendor patch available.

Information Disclosure Nfs Utils
NVD
CVSS 2.0
3.2
EPSS
0.4%
CVE-2013-5429 LOW Monitor

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Tivoli Federated Identity Manager
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-0157 LOW Monitor

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Util Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy