Skip to main content
CVE-2013-5667 CRITICAL POC Act Now

The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N8800 Nas Server Firmware N8800 Nas Server
NVD
CVSS 2.0
10.0
EPSS
3.0%
CVE-2013-5669 HIGH POC This Week

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N8800 Nas Server Firmware N8800 Nas Server
NVD
CVSS 2.0
7.8
EPSS
1.6%
CVE-2013-5668 HIGH POC This Week

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N8800 Nas Server Firmware N8800 Nas Server
NVD
CVSS 2.0
7.8
EPSS
1.2%
CVE-2013-7184 MEDIUM POC THREAT This Month

Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.2%.

Buffer Overflow Denial Of Service Gom Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
12.2%
CVE-2013-7316 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-1252 HIGH This Week

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft RCE Pages +2
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-1886 HIGH This Week

Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service RCE Certificate System Dogtag Certificate System
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-1475 HIGH This Week

The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Drupal
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-5350 HIGH This Week

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Openpne
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0674 MEDIUM This Month

Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Authentication Bypass Video Surveillance Operations Manager
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2013-6458 MEDIUM This Month

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify. Rated medium severity (CVSS 6.8). No vendor patch available.

Denial Of Service Race Condition Libvirt
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-7175 MEDIUM This Month

Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Visual Certexam Manager
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-1447 LOW Monitor

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Denial Of Service Race Condition Libvirt
NVD
CVSS 2.0
3.3
EPSS
11.7%
CVE-2013-6457 MEDIUM This Month

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service RCE Libvirt
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-6030 MEDIUM This Month

Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Network Power Avocent Mergepoint Unity 2016 Firmware
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7317 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cs Cart
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6434 MEDIUM This Month

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1885 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Certificate System Dogtag Certificate System
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0809 MEDIUM This Month

Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Path Traversal Simzip
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0028 MEDIUM This Month

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a. Rated medium severity (CVSS 4.3). No vendor patch available.

Privilege Escalation Libvirt
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-1476 MEDIUM This Month

The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Drupal
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-2192 LOW PATCH Monitor

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle. Rated low severity (CVSS 3.2). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Hadoop
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2013-1853 LOW Monitor

Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Almanah
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy