Skip to main content
CVE-2013-1804 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
8.7%
CVE-2014-1841 MEDIUM POC This Month

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
3.8%
CVE-2014-1843 MEDIUM POC This Month

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
3.6%
CVE-2014-1842 MEDIUM POC This Month

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
2.4%
CVE-2013-7372 MEDIUM POC PATCH This Month

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Information Disclosure Java Apache Harmony +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-7111 MEDIUM POC This Month

The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Basespace Ruby Sdk
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7284 MEDIUM PATCH This Month

The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Pirpc
NVD VulDB
CVSS 2.0
6.8
EPSS
2.2%
CVE-2013-7302 MEDIUM PATCH This Month

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ubercart
NVD VulDB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-7259 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection RCE CSRF Neo4j
NVD GitHub VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2183 MEDIUM This Month

The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Asr 1001 +7
NVD VulDB
CVSS 2.0
6.3
EPSS
0.3%
CVE-2014-2182 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
6.1
EPSS
0.6%
CVE-2013-7065 MEDIUM PATCH This Month

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Organic Groups
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-2184 MEDIUM This Month

The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7063 MEDIUM This Month

The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Invitation
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7068 MEDIUM PATCH This Month

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Organic Groups
NVD VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-7220 MEDIUM This Month

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gnome Shell
NVD GitHub VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-7221 MEDIUM This Month

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Gnome Shell
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2853 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Mediawiki
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7234 MEDIUM This Month

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Simple Machines Forum
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7066 MEDIUM PATCH This Month

The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Entityreference
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2185 MEDIUM This Month

The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2180 MEDIUM This Month

The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Contact Center Enterprise Unified Contact Center Express Editor Software
NVD VulDB
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy