Skip to main content
CVE-2013-6645 MEDIUM POC PATCH This Month

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +3
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2012-6631 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Netbill
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7294 MEDIUM POC PATCH This Month

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Libreswan
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-6622 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress PHP XSS Forumpress
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.1%
CVE-2012-6624 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Soundcloud Is Gold
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.8%
CVE-2012-6620 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kronolith H4
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6630 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Media Library Categories
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6627 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Newsletter Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6632 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Netbill
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6628 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Newsletter Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6786 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS Zyxel Huawei +7
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1473 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Vulnerability Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6629 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Newsletter Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0667 MEDIUM This Month

The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Secure Access Control System
NVD
CVSS 2.0
6.3
EPSS
0.6%
CVE-2014-0666 MEDIUM This Month

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.4% and no vendor patch available.

RCE Path Traversal Microsoft Cisco Jabber
NVD
CVSS 2.0
4.3
EPSS
10.4%
CVE-2013-6642 MEDIUM This Month

Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-6325 MEDIUM This Month

IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-1472 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Vulnerability Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6621 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Getsimple Cms
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6623 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress PHP XSS Forumpress
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6687 MEDIUM This Month

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy