Skip to main content
CVE-2013-4710 CRITICAL POC THREAT Emergency

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.4%.

Denial Of Service Java Google Android
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
76.4%
Threat
5.7
CVE-2012-6636 MEDIUM POC THREAT This Month

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.3%.

Privilege Escalation Java Google Android Api
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
76.3%
Threat
5.2
CVE-2013-4977 CRITICAL POC THREAT Emergency

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Buffer Overflow Hikvision Denial Of Service RCE Ds 2Cd7153 E Firmware +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
50.2%
Threat
5.0
CVE-2014-2013 HIGH POC THREAT Act Now

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.5%.

Buffer Overflow RCE Mupdf
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
34.5%
Threat
4.0
CVE-2013-4981 CRITICAL POC THREAT Emergency

Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.8%.

Buffer Overflow Denial Of Service RCE Avn801 Dvr Firmware Avn801 Dvr
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
26.8%
Threat
4.1
CVE-2013-4980 CRITICAL POC THREAT Emergency

Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.8%.

Buffer Overflow Denial Of Service RCE Avn801 Dvr Firmware Avn801 Dvr
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
26.8%
Threat
4.1
CVE-2014-1884 HIGH POC This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Apache Microsoft Cordova +1
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-1881 HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Adobe Apache Cordova Phonegap
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-1883 HIGH POC PATCH This Week

Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Adobe Google Phonegap
NVD GitHub
CVSS 2.0
7.5
EPSS
1.3%
CVE-2012-6637 HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe Apache Authentication Bypass Cordova Phonegap
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-2211 HIGH POC This Week

SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Posh
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-1886 MEDIUM POC This Month

The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Google Edinburgh By Bus
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-1684 MEDIUM POC THREAT This Month

The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.8%.

Denial Of Service Vlc Media Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
12.8%
CVE-2014-1882 HIGH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Apache Phonegap Cordova
NVD
CVSS 2.0
7.5
EPSS
7.7%
CVE-2013-1409 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Commentluv
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.4%
CVE-2014-1840 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Mybb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1887 MEDIUM POC This Month

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Google Drinkedin Barfinder
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3259 MEDIUM This Month

Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Zoom Player
NVD
CVSS 2.0
6.8
EPSS
5.9%
CVE-2014-1939 HIGH This Week

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Google Apple Code Injection RCE +2
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-3260 MEDIUM This Month

Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Zoom Player
NVD
CVSS 2.0
6.8
EPSS
3.4%
CVE-2014-1885 MEDIUM This Month

The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Google Forzearmate
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-2040 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Media File Renamer
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-6493 LOW POC Monitor

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Icedtea Web
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-3487 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Bulletproof Security
NVD
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy