Skip to main content
CVE-2014-1407 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS C54Apm Firmware C54Apm
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1406 MEDIUM POC This Month

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE C54Apm Firmware C54Apm
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0664 MEDIUM This Month

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unity Connection
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-6334 MEDIUM This Month

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Atlas Ediscovery Process Management Atlas Suite Disposal And Governance Management For It +1
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-1405 MEDIUM This Month

Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect C54Apm Firmware C54Apm
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-0658 MEDIUM This Month

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
5.4
EPSS
1.7%
CVE-2013-5010 MEDIUM This Month

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0977 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Movabletype
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0663 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Secure Access Control System
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6974 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Secure Access Control System
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7288 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Mybb
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7289 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Aphpkb
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy