Skip to main content
CVE-2013-4615 MEDIUM POC THREAT This Month

The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 63.3%.

Denial Of Service Authentication Bypass Mg3100 Printer Mg5300 Printer Mg6100 Printer +6
NVD GitHub
CVSS 2.0
5.0
EPSS
63.3%
Threat
4.4
CVE-2013-2173 MEDIUM POC This Month

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP Denial Of Service
NVD GitHub
CVSS 2.0
4.3
EPSS
1.7%
CVE-2013-4635 MEDIUM This Month

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

PHP Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
13.1%
CVE-2013-3250 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wp Maintenance Mode Plugin
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2110 MEDIUM This Month

Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Buffer Overflow Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
8.5%
CVE-2013-2960 MEDIUM This Month

Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
5.0
EPSS
2.9%
CVE-2013-0551 MEDIUM This Month

The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-0529 MEDIUM This Month

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling Connect Direct User Interface
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-6572 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Inf08
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0548 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4636 MEDIUM This Month

The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP Denial Of Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2961 MEDIUM This Month

The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0523 MEDIUM This Month

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle IBM Websphere Commerce
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3392 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Social
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy