Skip to main content
CVE-2013-7193 HIGH POC This Week

Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi C2C Forward Auction Creator
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.0%
CVE-2013-7192 HIGH POC This Week

Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dynamic Biz Website Builder Quickweb
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-2627 HIGH POC This Week

SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Leed
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-2628 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Leed
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6162 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ability Mail Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7002 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7191 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Helpdesk Pilot
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7194 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Efront
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.4%
CVE-2013-2821 HIGH This Week

NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Orion5 Dnp Master Orion5 Dnp Slave Orion5R Dnp Master Orion5R Dnp Slave +2
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-5409 MEDIUM This Month

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4046 MEDIUM This Month

Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-4069 MEDIUM This Month

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XXE IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4070 MEDIUM This Month

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5407 MEDIUM This Month

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-2822 MEDIUM This Month

NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Orion5 Dnp Master Orion5 Dnp Slave Orion5R Dnp Master Orion5R Dnp Slave +2
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-4131 MEDIUM This Month

Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-4135 MEDIUM This Month

Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-7076 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Typo3
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7077 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Typo3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7082 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Flow
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4045 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Spss Collaboration And Deployment Services
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5413 MEDIUM This Month

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5411 MEDIUM This Month

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4063 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Domino Lotus Inotes
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6978 MEDIUM This Month

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-4044 MEDIUM This Month

IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-7074 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Typo3
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-6196 LOW Monitor

Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Autonomy Ultraseek
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-5406 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Microsoft XSS Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5405 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4065 LOW Monitor

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Domino Lotus Inotes
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2013-4064 LOW Monitor

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Domino Lotus Inotes
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy