Skip to main content
CVE-2013-2628 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Leed
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6162 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ability Mail Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7002 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7191 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Helpdesk Pilot
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5409 MEDIUM This Month

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4046 MEDIUM This Month

Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-4069 MEDIUM This Month

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XXE IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4070 MEDIUM This Month

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5407 MEDIUM This Month

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-2822 MEDIUM This Month

NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Orion5 Dnp Master Orion5 Dnp Slave Orion5R Dnp Master Orion5R Dnp Slave +2
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-4131 MEDIUM This Month

Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-4135 MEDIUM This Month

Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-7076 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Typo3
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7077 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Typo3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7082 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Flow
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4045 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Spss Collaboration And Deployment Services
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5413 MEDIUM This Month

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5411 MEDIUM This Month

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4063 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Domino Lotus Inotes
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6978 MEDIUM This Month

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-4044 MEDIUM This Month

IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy