Skip to main content
CVE-2013-2225 MEDIUM POC THREAT This Month

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

Deserialization PHP Glpi
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
12.3%
CVE-2014-2720 MEDIUM POC This Month

IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Code Injection Izarc
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2013-2125 MEDIUM POC This Month

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensmtpd
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-1883 MEDIUM POC PATCH This Month

Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Mantisbt
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-2124 MEDIUM POC PATCH This Month

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libguestfs
NVD GitHub
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-3870 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bib2Html
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0214 MEDIUM PATCH This Month

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Moodle
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-3477 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Related Posts
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2698 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Calendar
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0213 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF PHP Moodle
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0240 MEDIUM This Month

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain. Rated medium severity (CVSS 6.2). No vendor patch available.

Privilege Escalation Apache Mod Wsgi
NVD
CVSS 2.0
6.2
EPSS
0.2%
CVE-2012-5662 MEDIUM This Month

x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure X3270
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-2111 MEDIUM PATCH This Month

The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Dovecot
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-4598 MEDIUM PATCH This Month

The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Gcc
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-6452 MEDIUM This Month

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Email Firewall Secure Messenger
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0216 MEDIUM PATCH This Month

The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0217 MEDIUM PATCH This Month

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0218 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0215 MEDIUM PATCH This Month

The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy