Skip to main content
CVE-2014-2916 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Phplist
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7003 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0469 MEDIUM This Month

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Debian Buffer Overflow RCE Xbuffy
NVD VulDB
CVSS 2.0
6.8
EPSS
3.7%
CVE-2013-0350 MEDIUM This Month

tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Pkstat
NVD VulDB
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-6418 MEDIUM PATCH This Month

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Pywbem
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6444 MEDIUM PATCH This Month

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Pywbem
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-4215 MEDIUM This Month

The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Plugins
NVD VulDB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-3736 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Request Tracker Rt Extension Mobileui
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0149 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Jboss Web Framework Kit
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy