Skip to main content
CVE-2013-4449 MEDIUM This Month

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 68.7% and no vendor patch available.

Denial Of Service Debian Linux Openldap
NVD
CVSS 2.0
4.3
EPSS
68.7%
CVE-2013-1466 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Glfusion
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.7%
CVE-2013-3639 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Xaraya
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.3%
CVE-2013-1880 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Apache XSS Activemq
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-1403 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Easyxdm
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-1967 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Mediaelement Js Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-1470 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Geeklog
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0755 MEDIUM This Month

Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Rockwell Rslogix 5000 Design And Configuration Software
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-2074 MEDIUM This Month

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kdelibs
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-1833 MEDIUM This Month

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Devscripts
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1439 MEDIUM This Month

The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XXE Hiphop Virtual Machine For Php
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-0059 MEDIUM This Month

A flaw was found in Spacewalk-backend. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy