Skip to main content
CVE-2013-4660 MEDIUM POC PATCH THREAT This Month

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.5%.

Node.js RCE Js Yaml
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
64.5%
Threat
4.8
CVE-2013-4096 CRITICAL POC Act Now

ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Server
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
4.0%
CVE-2013-4091 HIGH POC This Week

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Securesphere
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.5%
CVE-2013-4095 MEDIUM POC This Month

plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Securesphere
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.7%
CVE-2013-4094 MEDIUM POC This Month

The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Securesphere
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.9%
CVE-2013-4092 MEDIUM POC This Month

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Securesphere
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.0%
CVE-2013-4097 MEDIUM POC This Month

ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
5.3%
CVE-2013-4093 MEDIUM POC This Month

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Securesphere
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
5.0%
CVE-2013-4098 MEDIUM POC This Month

ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Authentication Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
4.9%
CVE-2013-2323 MEDIUM This Month

HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation HP Nonstop Sql Mx
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2013-3649 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Clip Mail
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3648 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Post Mail
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2322 LOW Monitor

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Nonstop Sql Mx
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy