Skip to main content
CVE-2014-3453 MEDIUM POC This Month

Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Flag
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-7382 MEDIUM POC This Month

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vicidial
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.7%
CVE-2013-4489 MEDIUM PATCH This Month

The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Gitlab
NVD
CVSS 2.0
6.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy