Skip to main content
CVE-2013-3213 HIGH POC This Week

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Vtiger Crm
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-0729 CRITICAL PATCH Act Now

Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

RCE Buffer Overflow Pdf Xchange Viewer
NVD VulDB
CVSS 2.0
9.3
EPSS
8.7%
CVE-2013-4240 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Hms Testimonials
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-7352 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF PHP SQLi B2Evolution
NVD VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2945 MEDIUM POC PATCH This Month

SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF PHP SQLi B2Evolution
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-2655 MEDIUM POC This Month

SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Postfix Admin
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-5365 CRITICAL PATCH Act Now

Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

RCE Buffer Overflow Sketchbook Sketchbook Express Sketchbook For Enterprise 2014 +1
NVD VulDB
CVSS 2.0
9.3
EPSS
6.2%
CVE-2013-1770 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Ganglia Web
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-3484 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Dotcms
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3588 HIGH This Week

The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Denial Of Service P 660H 61 P 660H 63 P 660H 67 +8
NVD VulDB
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-0735 HIGH This Week

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Mingle Forum
NVD VulDB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-1310 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1302 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1311 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1308 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1307 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1305 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1304 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1298 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1301 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1312 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-1313 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-1309 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-1299 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD VulDB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-1297 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1942 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Esis Enterprise Student Information System
NVD VulDB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-2125 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unity Connection
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2578 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Splunk
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0828 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2138 MEDIUM This Month

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Security Manager
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2137 MEDIUM This Month

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Web Security Virtual Appliance Web Security Appliance
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2553 LOW Monitor

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Otrs
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-0901 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy