Skip to main content
CVE-2013-5748 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Simplerisk
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5984 MEDIUM POC PATCH This Month

Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Microweber
NVD GitHub
CVSS 2.0
6.4
EPSS
1.1%
CVE-2014-3243 MEDIUM POC PATCH This Month

SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Soappy
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3242 MEDIUM POC This Month

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Information Disclosure Soappy
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-2301 MEDIUM POC This Month

OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bscw
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5749 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Simplerisk
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4581 MEDIUM PATCH This Month

GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Gitlab Code Injection Gitlab Shell
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-3454 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3455 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4580 MEDIUM PATCH This Month

GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Gitlab Authentication Bypass
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4570 MEDIUM PATCH This Month

The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6472 MEDIUM PATCH This Month

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6454 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6452 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4574 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy