Skip to main content
CVE-2014-5102 HIGH POC This Week

SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vbulletin
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-5100 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF Omeka
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-2227 MEDIUM POC This Month

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Ubiquiti Unifi Video
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
1.5%
CVE-2014-5101 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Webid
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5103 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5027 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Review Board
NVD
CVSS 2.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy