Skip to main content
CVE-2014-2341 MEDIUM POC This Month

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Cubecart
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
5.1%
CVE-2014-2269 MEDIUM POC PATCH This Month

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Vtiger Crm
NVD VulDB
CVSS 2.0
6.4
EPSS
3.6%
CVE-2014-1615 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Carbon Black
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-2654 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Madserve
NVD VulDB
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-6370 MEDIUM POC PATCH This Month

Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Json C Fedora
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
2.9%
CVE-2014-2890 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phpmyid
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2925 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Tm Ac1900 Rt Ac68U Firmware Rt Ac68U
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1421 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Webcalendar
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2659 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Papercut Mf Papercut Ng
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6469 MEDIUM This Month

JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Code Injection Jboss Fuse Service Works Jboss Overlord Run Time Governance
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-2719 MEDIUM This Month

Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Rt Ac66U Firmware Rt Ac68U Firmware Rt N10E Firmware Rt N14U Firmware +6
NVD VulDB
CVSS 2.0
6.3
EPSS
0.3%
CVE-2014-0173 MEDIUM This Month

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Privilege Escalation Jetpack
NVD VulDB
CVSS 2.0
5.8
EPSS
0.7%
CVE-2014-2900 MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-2735 MEDIUM This Month

WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Winscp
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-2899 MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cyassl
NVD VulDB
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-6371 MEDIUM PATCH This Month

The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Json C Fedora
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2187 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apache Archiva
NVD VulDB
CVSS 2.0
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy