Skip to main content
CVE-2014-3786 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3836 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3835 MEDIUM This Month

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Server Owncloud
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2013-1941 MEDIUM This Month

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Owncloud Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0204 MEDIUM This Month

settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Code Injection Owncloud Server
NVD
CVSS 2.0
4.6
EPSS
0.5%
CVE-2014-0935 MEDIUM This Month

Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Smart Analytics System 7700 Smart Analytics System 7710
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-3948 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Powermail
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3833 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Owncloud Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3832 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5056 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3960 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opennms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5057 MEDIUM This Month

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Owncloud Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2502 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Adaptive Authentication Hosted
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3837 MEDIUM This Month

The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-5336 MEDIUM This Month

lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3963 MEDIUM PATCH This Month

ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Owncloud
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-3838 MEDIUM This Month

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy