Skip to main content
CVE-2012-0938 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.4%.

PHP SQLi Testlink
NVD
CVSS 2.0
6.5
EPSS
29.4%
CVE-2012-5685 HIGH POC This Week

SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zpanel
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-3820 HIGH POC This Week

Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Campaign Enterprise
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-6654 HIGH POC This Week

Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zpanel
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-5683 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF SQLi Zpanel
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.9%
CVE-2014-4345 HIGH Act Now

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Kerberos 5
NVD GitHub
CVSS 2.0
8.5
EPSS
11.3%
CVE-2012-5684 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zpanel
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.9%
CVE-2014-4343 HIGH PATCH This Week

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Debian Linux Kerberos 5 +4
NVD GitHub
CVSS 2.0
7.6
EPSS
7.4%
CVE-2014-4344 HIGH PATCH This Week

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Debian Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +3
NVD GitHub
CVSS 2.0
7.8
EPSS
5.3%
CVE-2014-5250 HIGH PATCH This Week

Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Biblio Autocomplete
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-5249 HIGH PATCH This Week

SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Biblio Autocomplete
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-1389 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-1388 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-1387 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-1385 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-1384 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-1390 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2014-1386 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2012-0939 MEDIUM This Month

Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Testlink
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-5239 MEDIUM This Month

The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Microsoft Outlook Com
NVD
CVSS 2.0
4.0
EPSS
5.3%
CVE-2014-3898 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Serverview Operations Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1980 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Piwigo
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5248 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mybb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1546 MEDIUM This Month

The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Bugzilla
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy