Skip to main content
CVE-2013-7242 MEDIUM POC This Month

SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zenphoto
NVD
CVSS 2.0
6.5
EPSS
0.7%
CVE-2013-5573 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Jenkins XSS
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.6%
CVE-2013-7241 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Zenphoto
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-0263 MEDIUM POC This Month

monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Monitor
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-6983 MEDIUM This Month

SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Presence Server
NVD
CVSS 2.0
6.5
EPSS
0.7%
CVE-2013-3667 MEDIUM This Month

The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Textwrangler Bbedit Yojimbo
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2013-3572 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti XSS Unifi Controller
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2013-6459 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Will Paginate
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy