Skip to main content
CVE-2013-3724 MEDIUM POC This Month

The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monkey
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.9%
CVE-2013-4911 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Siemens Wincc
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4651 MEDIUM This Month

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Authentication Bypass Scalance W700 Series Firmware Scalance W744 1 Scalance W744 1Pro +14
NVD
CVSS 2.0
6.6
EPSS
0.3%
CVE-2013-4673 MEDIUM This Month

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
5.8
EPSS
3.3%
CVE-2013-2994 MEDIUM This Month

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Commerce
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4671 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
6.0
EPSS
1.3%
CVE-2013-4912 MEDIUM This Month

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Open Redirect Wincc
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-2993 MEDIUM This Month

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Websphere Commerce
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-3913 MEDIUM This Month

The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Vc240 Network Bullet Camera Video Surveillance Vc220 Network Dome Camera
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4670 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Web Gateway Web Gateway Appliance 8450 Web Gateway Appliance 8490
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-5460 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ive Os Secure Access Virtual Appliance Fips Secure Access 4000 +14
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy