Skip to main content
CVE-2013-0431 MEDIUM POC KEV THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
5.3
EPSS
91.6%
Threat
6.8
CVE-2012-6522 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

PHP Path Traversal W Cms
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
19.5%
CVE-2012-6528 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Atutor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.3%
CVE-2012-6523 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS W Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-0701 MEDIUM This Month

The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Datastage Infosphere Information Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2012-0205 MEDIUM This Month

InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service IBM Infosphere Information Server Infosphere Metadata Workbench
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2012-0703 MEDIUM This Month

Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Infosphere Information Server Infosphere Information Server Information Services Framework
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-1112 MEDIUM This Month

Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Carrier Routing System
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1490 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-1113 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6350 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web component in IBM Cognos TM1 before 9.5.2 FP3 and 10.1 before 10.1 FP1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Tm1
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-6029 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Nac Appliance
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4819 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Infosphere Business Glossary Infosphere Information Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-0203 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Infosphere Information Server Infosphere Metadata Workbench
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-0702 MEDIUM This Month

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Infosphere Information Server Infosphere Information Server Information Services Framework
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy