Skip to main content
CVE-2012-6625 HIGH POC PATCH This Week

SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi PHP Forumpress
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.0%
CVE-2013-6646 HIGH POC PATCH This Week

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +3
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2013-6644 HIGH POC This Week

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +3
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2012-6626 HIGH POC This Week

SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Browser To Email Phone Message System
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-6641 HIGH POC PATCH This Week

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +2
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0648 CRITICAL Act Now

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Secure Access Control System
NVD
CVSS 2.0
10.0
EPSS
7.8%
CVE-2013-6643 HIGH POC PATCH This Week

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Microsoft Authentication Bypass Chrome Opensuse +1
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-0650 CRITICAL Act Now

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Access Control System
NVD
CVSS 2.0
10.0
EPSS
6.6%
CVE-2013-6645 MEDIUM POC PATCH This Month

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +3
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2012-6631 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Netbill
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0649 CRITICAL Act Now

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Secure Access Control System
NVD
CVSS 2.0
9.0
EPSS
3.4%
CVE-2013-7294 MEDIUM POC PATCH This Month

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Libreswan
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-6622 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress PHP XSS Forumpress
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.1%
CVE-2012-6624 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Soundcloud Is Gold
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.8%
CVE-2012-6620 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kronolith H4
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6630 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Media Library Categories
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6627 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Newsletter Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6632 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Netbill
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6628 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Newsletter Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6786 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS Zyxel Huawei +7
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1473 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Vulnerability Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6629 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Newsletter Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0667 MEDIUM This Month

The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Secure Access Control System
NVD
CVSS 2.0
6.3
EPSS
0.6%
CVE-2014-0666 MEDIUM This Month

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.4% and no vendor patch available.

RCE Path Traversal Microsoft Cisco Jabber
NVD
CVSS 2.0
4.3
EPSS
10.4%
CVE-2013-6642 MEDIUM This Month

Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-6325 MEDIUM This Month

IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-1472 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Vulnerability Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6621 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Getsimple Cms
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6623 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress PHP XSS Forumpress
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6687 MEDIUM This Month

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-6725 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-6330 LOW Monitor

IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2139 LOW Monitor

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Fedora Opensuse Libsrtp
NVD GitHub
CVSS 2.0
2.6
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy