Skip to main content
CVE-2013-7323 HIGH POC PATCH This Week

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Python Gnupg
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-3081 HIGH POC PATCH This Week

SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Jojo Cms
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-2564 MEDIUM POC This Month

Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mambo Cms
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-5760 MEDIUM POC This Month

QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap PHP Information Disclosure Photo Station Firmware Photo Station
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-3082 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Jojo Cms
NVD Exploit-DB GitHub
CVSS 2.0
4.3
EPSS
2.0%
CVE-2013-1756 HIGH PATCH This Week

The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Dragonfly Gem
NVD GitHub
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-4003 HIGH This Week

The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-2562 LOW POC Monitor

Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mambo Cms
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-6223 LOW POC Monitor

LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Livezilla
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2563 LOW POC Monitor

Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Mambo Cms
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4006 MEDIUM This Month

The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Oil Industry Solution Traders And Schedulers Workbench
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4005 MEDIUM This Month

SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Brazil
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4004 MEDIUM This Month

The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Project System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4012 MEDIUM This Month

SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Open Hub Service
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4011 MEDIUM This Month

SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Capacity Leveling
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4010 MEDIUM This Month

SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Transaction Data Pool
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4009 MEDIUM This Month

SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Computing Center Management System Monitoring
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4007 MEDIUM This Month

The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Upgrade Tools
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4008 MEDIUM This Month

SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Web Services Tool
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4599 MEDIUM PATCH This Month

The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Misery
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4595 MEDIUM PATCH This Month

The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Secure Pages
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1973 MEDIUM PATCH This Month

The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Autocomplete Widgets
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4597 MEDIUM PATCH This Month

The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Revisioning
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy