Skip to main content
CVE-2014-2928 HIGH POC THREAT Act Now

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.6%.

Information Disclosure Big Ip Webaccelerator Big Ip Local Traffic Manager Big Ip Protocol Security Module Big Ip Link Controller +5
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
64.6%
Threat
4.9
CVE-2013-5671 HIGH POC PATCH This Week

lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fog Dragonfly
NVD
CVSS 2.0
7.5
EPSS
2.2%
CVE-2013-5748 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Simplerisk
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5984 MEDIUM POC PATCH This Month

Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Microweber
NVD GitHub
CVSS 2.0
6.4
EPSS
1.1%
CVE-2013-4772 CRITICAL Act Now

D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

D-Link Authentication Bypass Dir 826L Wireless N600 Cloud Router Firmware Dir 826L Wireless N600 Cloud Router Dir 505L Shareport Mobile Companion Firmware +1
NVD
CVSS 2.0
9.3
EPSS
0.1%
CVE-2014-3243 MEDIUM POC PATCH This Month

SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Soappy
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3242 MEDIUM POC This Month

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Soappy
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-2301 MEDIUM POC This Month

OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bscw
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5749 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Simplerisk
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6453 HIGH PATCH This Week

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-4571 HIGH PATCH This Week

Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Mediawiki
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-4581 MEDIUM PATCH This Month

GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Gitlab Code Injection Gitlab Shell
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-3454 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3455 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4580 MEDIUM PATCH This Month

GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Gitlab Authentication Bypass
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4570 MEDIUM PATCH This Month

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6472 MEDIUM PATCH This Month

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6454 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6452 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4574 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4577 LOW PATCH Monitor

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Debian Privilege Escalation Grub
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy