Skip to main content
CVE-2013-1668 HIGH POC This Week

The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection PHP Coscms
NVD Exploit-DB GitHub
CVSS 2.0
8.5
EPSS
9.1%
CVE-2014-3848 MEDIUM POC THREAT This Month

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

WordPress Privilege Escalation Imember360
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-3442 MEDIUM POC THREAT This Month

Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 17.0%.

Denial Of Service Buffer Overflow Winamp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
17.0%
CVE-2013-2713 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Krisonav
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-2107 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF WordPress PHP Mail On Update
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-3849 MEDIUM POC THREAT This Month

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.3%.

WordPress Privilege Escalation Imember360
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
10.3%
CVE-2013-2712 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Krisonav
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.6%
CVE-2013-1864 MEDIUM POC PATCH This Month

The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Portable Tool Library Ekiga Suse Linux Enterprise Software Development Kit +1
NVD
CVSS 2.0
4.3
EPSS
2.7%
CVE-2013-2757 HIGH PATCH This Week

Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Citrix Privilege Escalation Cloudplatform
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-3450 HIGH This Week

Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Panda Av Pro 2014 Panda Global Protection 2014 Panda Gold Protection Panda Internet Security 2014 +1
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-5649 MEDIUM This Month

Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Adobe RCE Code Injection Apache Couchdb
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-2756 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Citrix Authentication Bypass Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2013-2758 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Citrix Information Disclosure Apache Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2013-4223 MEDIUM This Month

The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nullmailer
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0289 MEDIUM PATCH This Month

Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Isync
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3801 LOW PATCH Monitor

OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Heat
NVD
CVSS 2.0
3.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy