Skip to main content
CVE-2013-3522 MEDIUM POC THREAT This Month

SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.3%.

PHP SQLi Vbulletin
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
56.3%
Threat
4.5
CVE-2013-0946 CRITICAL POC THREAT Emergency

Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 56.4%.

Buffer Overflow RCE Alphastor
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
56.4%
Threat
5.1
CVE-2013-3528 HIGH POC PATCH This Week

Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Vanilla
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
4.5%
CVE-2013-3527 HIGH POC This Week

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vanilla
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
3.6%
CVE-2013-3532 HIGH POC This Week

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Spider Video Player
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.3%
CVE-2013-3524 HIGH POC This Week

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pop Up News
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
1.6%
CVE-2013-3525 HIGH POC This Week

SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Request Tracker
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-3530 HIGH POC This Week

SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Xspf Player Plugin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-3533 HIGH POC This Week

Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Virtual Access Monitor
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-3531 HIGH POC This Week

SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Radiocms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-6552 CRITICAL Act Now

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Phpvms
NVD GitHub
CVSS 2.0
10.0
EPSS
0.3%
CVE-2013-2977 MEDIUM This Month

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 16.1% and no vendor patch available.

RCE Microsoft IBM Lotus Notes
NVD
CVSS 2.0
6.8
EPSS
16.1%
CVE-2013-3526 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Trafficanalyzer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.2%
CVE-2013-3529 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Wp Funeral Press
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.7%
CVE-2013-3523 HIGH This Week

SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi This
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-2707 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Login With Ajax
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0939 MEDIUM This Month

EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Records Manager Documentum Taskspace Documentum Wdk Documentum Webtop
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-0937 MEDIUM This Month

Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Documentum Records Manager Documentum Taskspace Documentum Wdk Documentum Webtop
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-1242 MEDIUM This Month

Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Presence Server
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0519 MEDIUM This Month

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-3254 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Wp Photo Album Plus
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0938 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Documentum Records Manager Documentum Taskspace Documentum Wdk Documentum Webtop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0518 MEDIUM This Month

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0520 MEDIUM This Month

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-0578 LOW Monitor

The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Sterling Multi Channel Fulfillment Solution Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy