Skip to main content
CVE-2013-6765 HIGH POC This Week

OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openvas Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.5%
CVE-2014-3411 CRITICAL Act Now

Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper RCE Network And Security Manager Software Nsm3000 Nsmexpress
NVD
CVSS 2.0
10.0
EPSS
6.7%
CVE-2013-7385 MEDIUM POC This Month

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-0012 MEDIUM POC PATCH This Month

FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. Rated medium severity (CVSS 4.4). Public exploit code available.

Privilege Escalation Jinja2
NVD GitHub
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-3735 MEDIUM POC This Month

ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Intel Buffer Overflow Indeo Video
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7033 MEDIUM POC This Month

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6766 HIGH This Week

OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openvas Administrator
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-6806 MEDIUM This Month

OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Exceed Ondemand
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-6807 MEDIUM This Month

The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Exceed Ondemand
NVD GitHub
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-6994 MEDIUM This Month

OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Exceed Ondemand
NVD GitHub
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4431 MEDIUM This Month

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mahara
NVD
CVSS 2.0
5.5
EPSS
0.6%
CVE-2013-7384 MEDIUM This Month

UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Unrealircd
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6413 MEDIUM This Month

Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Unrealircd
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4406 MEDIUM PATCH This Month

The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Quicktabs
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3787 MEDIUM This Month

SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6805 MEDIUM This Month

OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Exceed Ondemand
NVD GitHub
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-1402 MEDIUM PATCH This Month

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file. Rated medium severity (CVSS 4.4).

Privilege Escalation Jinja2
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-7040 MEDIUM This Month

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Python Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4430 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mahara
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4429 MEDIUM This Month

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mahara
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-4432 MEDIUM This Month

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Mahara
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4426 LOW Monitor

pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Pyxtrlock
NVD GitHub
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-3717 LOW PATCH Monitor

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-3715 LOW PATCH Monitor

Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-3714 LOW PATCH Monitor

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM. Rated low severity (CVSS 3.3).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2013-4427 LOW Monitor

pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pyxtrlock
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3716 LOW PATCH Monitor

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. Rated low severity (CVSS 1.9).

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy