Skip to main content
CVE-2013-6357 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Apache Tomcat
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-2653 MEDIUM POC PATCH This Month

security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Information Disclosure Silverstripe
NVD GitHub Exploit-DB
CVSS 2.0
5.8
EPSS
5.7%
CVE-2013-3908 MEDIUM This Month

Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.4% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
32.4%
CVE-2013-6627 MEDIUM POC This Month

net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.9%
CVE-2013-6789 MEDIUM POC PATCH This Month

security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Silverstripe
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3909 MEDIUM This Month

Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.5% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
22.5%
CVE-2013-6780 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Yui
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-3905 MEDIUM This Month

Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.7% and no vendor patch available.

Information Disclosure Microsoft Outlook
NVD
CVSS 2.0
5.0
EPSS
14.7%
CVE-2013-6622 MEDIUM This Month

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-6625 MEDIUM This Month

Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2013-3869 MEDIUM PATCH This Month

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows 7 Windows 8 Windows 8 1 +7
NVD
CVSS 2.0
5.0
EPSS
9.5%
CVE-2013-6684 MEDIUM This Month

The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6685 MEDIUM This Month

The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its. Rated medium severity (CVSS 6.6). No vendor patch available.

Privilege Escalation Cisco Unified Ip Phone Firmware Unified Ip Phone 8961 Unified Ip Phone 9951 +1
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2013-6682 MEDIUM This Month

The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-5552 MEDIUM This Month

Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Cisco iOS Content Services Gateway
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6683 MEDIUM This Month

The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 2.0
6.1
EPSS
0.8%
CVE-2013-5560 MEDIUM This Month

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.4
EPSS
0.6%
CVE-2013-4475 MEDIUM This Month

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Debian Linux Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
6.9%
CVE-2013-3887 MEDIUM This Month

The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows Server 2003 +4
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-6623 MEDIUM This Month

The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2013-6626 MEDIUM This Month

The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6628 MEDIUM This Month

net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5442 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Network Protection Firmware Security Network Protection Xgs 5100
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5450 MEDIUM This Month

IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy