Skip to main content
CVE-2013-5696 MEDIUM POC PATCH THREAT This Month

inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.0%.

CSRF SQLi PHP Glpi
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
64.0%
Threat
4.8
CVE-2012-5338 MEDIUM POC This Month

Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Jforum
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-5930 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Real Estate Php Script
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5918 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Platinum Seo Plugin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4325 MEDIUM This Month

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation HP Linux Imaging And Printing Project
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5691 MEDIUM PATCH This Month

The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Freebsd
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-1431 MEDIUM PATCH This Month

The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Telepathy Gabble
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5119 MEDIUM This Month

Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Zimbra Collaboration Suite
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-1443 MEDIUM PATCH This Month

The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Denial Of Service Authentication Bypass Django
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4294 MEDIUM PATCH This Month

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-4818 MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Smart Device Option Icewall File Manager Icewall Sso Agent +1
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4817 MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Sso Agent Option
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-5502 MEDIUM This Month

The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Mediasense
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5666 MEDIUM This Month

The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-2624 MEDIUM This Month

Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Hotscan
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-4814 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Xp 9000 Command View
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4821 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy