Skip to main content
CVE-2013-5301 HIGH POC This Week

Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Webfilter
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2013-3319 MEDIUM POC THREAT This Month

The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
11.7%
CVE-2013-5303 CRITICAL PATCH Act Now

Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Locator
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2013-5310 HIGH PATCH This Week

SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wfqbe
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-5304 HIGH PATCH This Week

SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Locator
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-5302 HIGH PATCH This Week

SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Ke Search
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-5306 HIGH PATCH This Week

SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Browser
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-5309 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2013-4128 MEDIUM This Month

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 2.0
6.4
EPSS
0.7%
CVE-2013-4213 MEDIUM This Month

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Jboss Enterprise Application Platform
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2013-4114 MEDIUM This Month

The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nagstamon
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-3040 MEDIUM PATCH This Month

IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5307 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Ke Search
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5305 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Locator
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5308 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Realurlmanagement
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0587 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5095 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Junos Space Junos Space Virtual Appliance Junos Space Ja1500 Appliance
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5096 MEDIUM This Month

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Space Junos Space Virtual Appliance Junos Space Ja1500 Appliance
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5097 MEDIUM PATCH This Month

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Juniper Junos Space Junos Space Virtual Appliance Junos Space Ja1500 Appliance
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4698 LOW Monitor

Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mailwise
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4007 LOW Monitor

Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP IBM XSS Advanced Management Module
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3034 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Infosphere Information Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-0585 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Infosphere Information Server
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy