Skip to main content
CVE-2014-3544 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Moodle
NVD Exploit-DB GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2014-3551 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Moodle
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-3026 LOW Monitor

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Maximo Asset Management Maximo Asset Management Essentials Smartcloud Control Desk +1
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3050 LOW Monitor

IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Rational Team Concert
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-2226 LOW Monitor

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Controller
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2014-0103 LOW Monitor

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

PHP Information Disclosure Apache Webapp Zarafa +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-5030 LOW PATCH Monitor

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. Rated low severity (CVSS 1.9).

PHP Information Disclosure Ubuntu Linux Cups
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-5029 LOW PATCH Monitor

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. Rated low severity (CVSS 1.5).

Information Disclosure Cups Ubuntu Linux
NVD
CVSS 2.0
1.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy