Skip to main content
CVE-2013-0318 CRITICAL Act Now

The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Banckle Chat
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2013-0487 HIGH This Week

The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Java Authentication Bypass Lotus Domino
NVD
CVSS 2.0
8.5
EPSS
0.6%
CVE-2013-0258 MEDIUM PATCH This Month

The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Ga Login
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-1859 MEDIUM This Month

The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Node Parameter Control
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2013-0489 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Lotus Domino
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2013-0320 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

CSRF Taxonomy Manager
NVD
CVSS 2.0
5.1
EPSS
0.2%
CVE-2013-0316 MEDIUM PATCH This Month

The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Drupal
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-0182 MEDIUM PATCH This Month

The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Payment
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-0257 MEDIUM PATCH This Month

The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Email2Image
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2300 MEDIUM This Month

The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Flickwnn
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0720 MEDIUM This Month

The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Cobime
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0719 MEDIUM This Month

The ArtIME Japanese Input application 1.1.2 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Artime Japanese Input
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0718 MEDIUM This Month

The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Simeji
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0486 MEDIUM This Month

Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Lotus Domino
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-0325 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Varnish
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0323 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Ds
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0319 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Yandex Metrics
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0322 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Ubercart
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0321 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Uc Views
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0317 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Og Manager Change
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0488 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Domino
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0181 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Search Api
NVD
CVSS 2.0
2.6
EPSS
0.5%
CVE-2013-1783 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

PHP XSS Business
NVD
CVSS 2.0
2.1
EPSS
0.4%
CVE-2013-1780 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Best Responsive
NVD
CVSS 2.0
2.1
EPSS
0.4%
CVE-2013-1782 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Responsive Blog
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2013-1887 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Views
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2013-2715 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Search Api
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2013-1786 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Company
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-1785 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Responsive
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-1784 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Clean Theme
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-1781 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Professional Theme
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-1787 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Corporate
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-1779 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Fresh
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-1778 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Creative
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-0324 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Menu Reference
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-0259 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Boxes
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-0260 LOW Monitor

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Debian Information Disclosure Drush Debian Packaging
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy