Skip to main content
CVE-2014-3778 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Arris Sbg901
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-4155 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-4333 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP SQLi Dolphin
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3810 MEDIUM POC This Month

SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[]. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dolphin
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2012-2572 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Threewp Email Reflector
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.6%
CVE-2012-2569 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Xeams
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-4329 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ntopng
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4335 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Barracudadrive
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2001 MEDIUM This Month

The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Jr East Japan
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-1621 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2013-1068 MEDIUM PATCH This Month

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Ubuntu Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy