Skip to main content
CVE-2013-5993 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Ec Cube
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5995 MEDIUM POC This Month

data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ec Cube
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-5994 MEDIUM POC This Month

data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ec Cube
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6834 MEDIUM POC This Month

The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-6833 MEDIUM POC This Month

The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-6832 MEDIUM POC This Month

The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5991 MEDIUM POC This Month

The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ec Cube
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5996 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ec Cube
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5992 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Ec Cube
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6173 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Document Sciences Xpression
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6176 MEDIUM This Month

Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Document Sciences Xpression
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-6174 MEDIUM This Month

Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Document Sciences Xpression
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-6175 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Document Sciences Xpression
NVD
CVSS 2.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy