Skip to main content
CVE-2014-1372 MEDIUM POC This Month

Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-4513 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Activehelper Livehelp Live Chat
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2014-3492 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Foreman
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3491 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Foreman
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4569 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Videowhisper Live Streaming Integration
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4520 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Dmca Watermarker
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3494 MEDIUM POC This Month

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Opensuse Kdelibs
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4602 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Xen Carousel
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4585 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Facethumb
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4584 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Easybooking
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4583 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Contact Sidebar Widget
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4575 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wikipop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4564 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Validated Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4556 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Swipe Checkout For Eshop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4545 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Pro Quoter
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4538 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Malware Finder
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4533 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Geo Redirector
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4528 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Fbpromotions
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4521 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Dsidxpress Idx Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4518 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Contactme
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4516 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bic Media Widget
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4515 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Anyfont
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1382 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-1325 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-1340 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-1370 MEDIUM This Month

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1368 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1367 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1366 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1365 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1364 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1363 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1362 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +2
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-1349 MEDIUM This Month

Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2014-1354 MEDIUM This Month

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1383 MEDIUM This Month

Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Tvos
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-3088 MEDIUM This Month

stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Sametime Meeting Server
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2014-2509 MEDIUM This Month

Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Smarts Network Configuration Manager
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2014-1361 MEDIUM This Month

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os Tvos
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1355 MEDIUM This Month

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos Mac Os X Iphone Os
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1350 MEDIUM This Month

Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-1345 MEDIUM This Month

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1369 MEDIUM This Month

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3477 MEDIUM PATCH This Month

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Denial Of Service D Bus Dbus
NVD
CVSS 3.1
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy