Skip to main content
CVE-2014-0166 MEDIUM This Month

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.6% and no vendor patch available.

WordPress PHP Authentication Bypass
NVD VulDB
CVSS 2.0
6.4
EPSS
31.6%
CVE-2014-2583 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Linux Pam
NVD VulDB
CVSS 2.0
5.8
EPSS
1.5%
CVE-2014-0331 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortiadc Firmware Fortiadc 1000E Fortiadc 1500D Fortiadc 2000D +5
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-3252 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wp Postviews
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2699 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Underconstruction
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2693 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wp Print
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-3251 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Qtranslate
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4921 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF WordPress Dvs Custom Notification
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6468 MEDIUM This Month

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Code Injection Red Hat Jboss Bpm Suite +2
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-0908 MEDIUM This Month

The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD VulDB
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-0740 MEDIUM This Month

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Dell Openmanage Server Administrator
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-7366 MEDIUM This Month

The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass Software Deployment Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-2749 MEDIUM This Month

The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Hana
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-7361 MEDIUM This Month

Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Cm Services Cms Services
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7356 MEDIUM This Month

Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Oracle Ccms Database Monitor
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7359 MEDIUM This Month

Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Mobile Infrastructure
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7358 MEDIUM This Month

Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Guided Procedures Archive Monitor
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7357 MEDIUM This Month

Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP J2Ee Engine
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2128 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7365 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Enterprise Portal
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6132 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0165 MEDIUM This Month

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD VulDB
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-2141 MEDIUM This Month

The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Cisco Ons 15454 System Software Ons 15454
NVD VulDB
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-0920 MEDIUM This Month

IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Spss Analytic Server
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy