Skip to main content
CVE-2013-3029 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF XSS IBM Websphere Application Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-4230 MEDIUM PATCH This Month

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Monster Menus
NVD
CVSS 2.0
6.0
EPSS
0.8%
CVE-2013-4700 MEDIUM This Month

The Yahoo!. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Japan Shopping
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2013-4699 MEDIUM This Month

The Yahoo!. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Apple Yafuoku
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2013-3016 MEDIUM This Month

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Websphere Portal
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2905 MEDIUM This Month

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-2967 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy