Skip to main content
CVE-2013-7097 MEDIUM POC THREAT This Month

Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.7%.

PHP Path Traversal Edutrac
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
14.7%
CVE-2013-7278 HIGH POC This Week

SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cms Afroditi
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-7280 MEDIUM POC THREAT This Month

Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.7%.

Buffer Overflow Denial Of Service Hanso Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.7%
CVE-2014-0621 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Tc7200 Firmware Tc7200
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-0620 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Tc7200 Firmware Tc7200
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-7277 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Aphpkb
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7275 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Mybb
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7276 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Recommend To A Friend
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7274 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload XSS Wallpaperscript
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.6%
CVE-2014-0651 MEDIUM This Month

The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Context Directory Agent
NVD
CVSS 2.0
4.9
EPSS
0.4%
CVE-2013-7281 MEDIUM This Month

The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-6982 MEDIUM This Month

The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-0654 MEDIUM This Month

Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Context Directory Agent
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-0653 MEDIUM This Month

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-0655 MEDIUM This Month

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0652 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Context Directory Agent
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7279 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS S3 Video
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-1232 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress XSS Foliopress Wysiwyg
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0657 MEDIUM This Month

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Communications Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-0656 MEDIUM This Month

Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Context Directory Agent
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy