Skip to main content
CVE-2012-4915 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Path Traversal WordPress Google PHP Google Doc Embedder
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
77.4%
Threat
4.8
CVE-2014-3414 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Sharetronix
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3415 MEDIUM POC This Month

SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sharetronix
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2014-3417 MEDIUM PATCH This Month

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Uportal
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-3416 MEDIUM PATCH This Month

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Uportal
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-3283 MEDIUM This Month

Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Open Redirect Unified Communications Domain Manager
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-4177 MEDIUM PATCH This Month

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Google Ga Login
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-3285 MEDIUM This Month

Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Microsoft Wide Area Application Services
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-3279 MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-0199 MEDIUM PATCH This Month

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Freeipa
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4178 MEDIUM This Month

The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Ga Login
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0246 MEDIUM This Month

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Sosreport
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2193 MEDIUM This Month

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive. Rated medium severity (CVSS 4.3). No vendor patch available.

Apache Authentication Bypass Hbase
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3282 MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-3277 MEDIUM This Month

The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Communications Domain Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy