Skip to main content
CVE-2013-3522 MEDIUM POC THREAT This Month

SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.3%.

PHP SQLi Vbulletin
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
56.3%
Threat
4.5
CVE-2013-2977 MEDIUM This Month

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 16.1% and no vendor patch available.

RCE Microsoft IBM Lotus Notes
NVD
CVSS 2.0
6.8
EPSS
16.1%
CVE-2013-3526 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Trafficanalyzer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.2%
CVE-2013-3529 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Wp Funeral Press
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.7%
CVE-2013-2707 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Login With Ajax
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0939 MEDIUM This Month

EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Records Manager Documentum Taskspace Documentum Wdk Documentum Webtop
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-0937 MEDIUM This Month

Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Documentum Records Manager Documentum Taskspace Documentum Wdk Documentum Webtop
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-1242 MEDIUM This Month

Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Presence Server
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0519 MEDIUM This Month

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-3254 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Wp Photo Album Plus
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0938 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Documentum Records Manager Documentum Taskspace Documentum Wdk Documentum Webtop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0518 MEDIUM This Month

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0520 MEDIUM This Month

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy