Skip to main content
CVE-2014-4537 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Keyword Strategy Internal Links
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4532 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Garagesale
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4531 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Game Tabs
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4529 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Flash Photo Gallery
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4527 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Email Marketing Y Newsletters
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4526 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Efence
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4522 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Dssearchagent
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4668 MEDIUM This Month

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Fedora Mageia Cherokee
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-3307 MEDIUM This Month

The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513. Rated medium severity (CVSS 6.8). No vendor patch available.

Cisco Information Disclosure Universal Small Cell Series Firmware
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4614 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Piwigo
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4691 MEDIUM This Month

Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pfsense
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4696 MEDIUM This Month

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Suricata Open Redirect Pfsense Suricata Package
NVD
CVSS 2.0
5.8
EPSS
0.0%
CVE-2014-4695 MEDIUM This Month

Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Open Redirect Pfsense Snort Package
NVD
CVSS 2.0
5.8
EPSS
0.0%
CVE-2014-3066 MEDIUM This Month

IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Information Disclosure Tivoli Endpoint Manager
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-3890 MEDIUM PATCH This Month

silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sx 2000Wg Firmware
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3889 MEDIUM PATCH This Month

silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sx 2000Wg Firmware
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4690 MEDIUM This Month

Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Pfsense
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4689 MEDIUM This Month

Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Pfsense
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-4687 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Pfsense
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-4692 MEDIUM This Month

pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pfsense
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-4694 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Suricata Pfsense Suricata Package
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-4693 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Pfsense Snort Package
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-3297 MEDIUM This Month

Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-3298 MEDIUM This Month

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy