Skip to main content
CVE-2013-0233 MEDIUM POC PATCH THREAT This Month

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.8%.

Authentication Bypass Devise Opensuse
NVD GitHub
CVSS 2.0
6.8
EPSS
68.8%
Threat
4.9
CVE-2013-1949 MEDIUM POC This Month

Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Social Media Widget
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1215 MEDIUM This Month

The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Asa 5500
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-3269 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Microsoft Cybozu Office
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2305 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Microsoft Cybozu Office Cybozu Dezie Mailwise
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2696 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress XSS All In On Webmaster
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2767 MEDIUM This Month

Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Citrix Authentication Bypass Netscaler Access Gateway Firmware Netscaler Access Gateway
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2012-4466 MEDIUM This Month

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ruby
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2012-4464 MEDIUM This Month

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ruby
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0338 MEDIUM This Month

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Libxml2 Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy