Skip to main content
CVE-2013-7379 MEDIUM POC PATCH This Month

The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Node.js Authentication Bypass Tomato
NVD GitHub
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-3760 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Google D-Link Dap 1150 Firmware Dap 1150
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3750 MEDIUM POC This Month

The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure Bilyoner
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-3452 MEDIUM POC This Month

Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow K Lite Codec Pack
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3761 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1150 Firmware Dap 1150
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0933 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Infosphere Information Server Metadata Workbench
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-1418 MEDIUM PATCH This Month

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django Ubuntu Linux
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-3263 MEDIUM This Month

The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
5.4
EPSS
0.8%
CVE-2014-3742 MEDIUM PATCH This Month

The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Node.js Hapi Server Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3730 MEDIUM PATCH This Month

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Open Redirect Ubuntu Linux Django Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-3262 MEDIUM This Month

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3758 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Si Bibtex
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0917 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy