Skip to main content
CVE-2013-4490 MEDIUM POC PATCH THREAT This Month

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 49.8%.

Gitlab Information Disclosure Gitlab Shell
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
49.8%
Threat
4.3
CVE-2013-4562 MEDIUM POC PATCH This Month

The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Omniauth Facebook
NVD GitHub
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-6342 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Atlassian CSRF Confluence Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-2989 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Tao
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3246 MEDIUM POC This Month

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Collabtive
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.3%
CVE-2013-1407 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Events Manager Events Manager Pro
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4552 HIGH PATCH This Week

lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Drupalauth
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-2692 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Openvpn Access Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2705 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wordpress Simple Paypal Shopping Cart
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4546 MEDIUM PATCH This Month

The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure Gitlab Shell
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-4501 MEDIUM PATCH This Month

The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Quiz
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4500 MEDIUM PATCH This Month

The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Quiz
NVD
CVSS 2.0
4.9
EPSS
0.4%
CVE-2014-3456 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gitlab
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-4502 MEDIUM PATCH This Month

The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Filefield Sources
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4504 LOW PATCH Monitor

The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Privilege Escalation Monster Menus
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2013-4503 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Feed Element Mapper
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy