Skip to main content
CVE-2012-6303 MEDIUM POC THREAT This Month

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.6%.

Buffer Overflow Denial Of Service RCE Snack Sound Toolkit Wavesurfer +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
22.6%
CVE-2013-3243 MEDIUM POC This Month

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SAP RCE Opentext Ixos Ecm For Sap Netweaver
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5744 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Microsoft XSS Feng Office
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-0825 MEDIUM This Month

Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Drupal
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2013-2208 MEDIUM This Month

tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Tpp
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-0826 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Denial Of Service Drupal
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6018 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Taxweb
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4402 MEDIUM This Month

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnupg Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
4.7%
CVE-2013-4394 MEDIUM PATCH This Month

The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the. Rated medium severity (CVSS 5.9). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Systemd Debian Linux
NVD
CVSS 2.0
5.9
EPSS
0.1%
CVE-2013-6020 MEDIUM This Month

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Taxweb
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-5430 MEDIUM This Month

The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-6285 MEDIUM This Month

The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Taxweb
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4392 MEDIUM This Month

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2013-6019 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Taxweb
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-4529 MEDIUM This Month

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Apache Information Disclosure Jboss Community Application Server Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-3704 MEDIUM This Month

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Libzypp
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6289 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Apache Solr
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy