Skip to main content
CVE-2013-1892 MEDIUM POC THREAT This Month

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.5%.

Denial Of Service RCE MongoDB Enterprise Mrg
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
53.5%
Threat
4.3
CVE-2013-3969 MEDIUM POC This Month

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE MongoDB
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
8.2%
CVE-2013-3539 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Airlive Wl2600Cam Snc Ch140 Snc Ch180 Snc Ch240 +7
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-3690 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF 100Ap Device Firmware Fb 100Ap Md 100Ap Ob 100Ae +3
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-3963 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Gxv Device Firmware Gxv3500 Gxv3501 Gxv3504 +7
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5725 MEDIUM POC This Month

The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Byword
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5627 MEDIUM POC PATCH This Month

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Oracle MySQL MariaDB
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
3.9%
CVE-2012-3323 MEDIUM This Month

IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-5381 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-4021 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-3047 MEDIUM This Month

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-0451 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-3973 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4017 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4027 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-5516 MEDIUM This Month

The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Telepresence Multipoint Switch
NVD
CVSS 2.0
6.3
EPSS
0.5%
CVE-2012-4096 MEDIUM This Month

The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-4018 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2012-2125 MEDIUM PATCH This Month

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Rubygems
NVD GitHub
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-4210 MEDIUM This Month

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform +1
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-2269 MEDIUM This Month

The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Aruba Clearpass Clearpass Guest
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4013 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3278 MEDIUM This Month

EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Geosynchrony Vplex Geo Vplex Local Vplex Metro
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5580 MEDIUM PATCH This Month

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Ngircd
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-5975 MEDIUM This Month

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5976 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4014 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2126 MEDIUM PATCH This Month

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Rubygems
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3964 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Samsung XSS Shr 5082 Shr 5162
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3962 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gxv Device Firmware Gxv3500 Gxv3501 Gxv3504 +7
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3041 MEDIUM This Month

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Rational Clearquest
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5383 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5382 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4708 MEDIUM This Month

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Seil 2Fx1 Firmware Seil X1 Seil 2Fb1 Firmware Seil B1 +8
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3972 MEDIUM This Month

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4020 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3971 MEDIUM This Month

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3049 MEDIUM This Month

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy