Vulnerabilities > Searchblox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-08-28 | CVE-2013-3597 | Information Exposure vulnerability in Searchblox servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | 5.0 |
| 2013-08-28 | CVE-2013-3590 | Remote Command Injection vulnerability in SearchBlox Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file. network searchblox | 6.8 |