Skip to main content
CVE-2014-2653 MEDIUM POC This Month

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
2.9%
CVE-2013-7346 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF SQLi Symphony
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2559 MEDIUM POC PATCH This Month

SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF SQLi Symphony
NVD GitHub Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
1.2%
CVE-2014-2326 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Fedora Opensuse Cacti +1
NVD VulDB
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-0089 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Foreman
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2118 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Security Manager
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0623 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Authentication Manager
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy