Skip to main content
CVE-2013-7248 CRITICAL POC THREAT Emergency

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Authentication Bypass Ts 550 Evo Firmware Ts 550 Evo
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
15.4%
Threat
4.0
CVE-2013-7137 CRITICAL POC PATCH Act Now

The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Authentication Bypass Burden
NVD Exploit-DB GitHub
CVSS 3.1
9.8
EPSS
9.8%
CVE-2013-6429 MEDIUM PATCH This Month

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 38.7%.

CSRF Denial Of Service Java XXE Spring Framework
NVD
CVSS 2.0
6.8
EPSS
38.7%
CVE-2013-7247 MEDIUM POC THREAT This Month

cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Privilege Escalation Ts 550 Evo Firmware Ts 550 Evo
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
17.2%
CVE-2013-4304 HIGH POC PATCH This Week

The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Centralauth Extension Mediawiki
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-1664 MEDIUM POC This Month

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Google Gotomeeting
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.9%
CVE-2014-1671 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Dell SQLi Kace K1000 Systems Management Appliance Software Kace K1000 Systems Management Virtual Appliance +3
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-1666 HIGH PATCH This Week

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
8.3
EPSS
3.3%
CVE-2014-0794 MEDIUM POC This Month

SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP SQLi XSS Com Jvcomment
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.0%
CVE-2013-7296 MEDIUM This Month

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Poppler
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2013-7298 MEDIUM This Month

query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cxxtools
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2013-6891 LOW POC Monitor

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving. Rated low severity (CVSS 1.2). Public exploit code available and no vendor patch available.

Information Disclosure Cups Ubuntu Linux
NVD
CVSS 2.0
1.2
EPSS
0.0%
CVE-2013-6466 MEDIUM This Month

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-6467 MEDIUM This Month

Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libreswan
NVD VulDB
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-1626 MEDIUM This Month

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XXE Marc Xml
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-7299 MEDIUM PATCH This Month

framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tntnet
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-0022 MEDIUM This Month

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Yum
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1673 MEDIUM This Month

Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Session Authentication Agent
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1642 MEDIUM This Month

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.2%
CVE-2014-1607 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Drupal
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7143 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7142 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7141 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6853 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in clickstream.js in Y!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Microsoft XSS Toolbar
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7140 MEDIUM This Month

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal XXE Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-1672 MEDIUM This Month

Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Management Server Security Gateway
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-5364 LOW Monitor

Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Csi Agent
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-0027 LOW Monitor

The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Flite
NVD
CVSS 2.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy