Skip to main content
CVE-2014-5347 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Disqus Comment System
NVD Exploit-DB GitHub
CVSS 2.0
6.8
EPSS
3.0%
CVE-2014-5033 MEDIUM POC This Month

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Kde4Libs Ubuntu Linux Kauth +1
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-5346 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Disqus Comment System
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5349 MEDIUM POC This Month

Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Spark Browser
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.3%
CVE-2014-5350 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gravityzone
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.7%
CVE-2014-3341 MEDIUM This Month

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.5% and no vendor patch available.

Cisco Information Disclosure Nx Os Nexus 5000 Nexus 5010 +12
NVD
CVSS 2.0
5.0
EPSS
19.5%
CVE-2014-5345 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Disqus Comment System
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.3%
CVE-2014-3490 HIGH PATCH This Week

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Red Hat XXE Jboss Enterprise Application Platform Resteasy
NVD GitHub
CVSS 2.0
7.5
EPSS
4.6%
CVE-2014-5348 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Steelapp Traffic Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3906 HIGH This Week

SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Advance Flow Advance Flow Forms
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-3464 MEDIUM This Month

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-4615 MEDIUM This Month

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openstack Ubuntu Linux Neutron Oslo +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3472 MEDIUM This Month

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-3528 MEDIUM This Month

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Opensuse Subversion Ubuntu Linux +6
NVD
CVSS 2.0
4.0
EPSS
3.4%
CVE-2014-3522 MEDIUM PATCH This Month

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Apache Subversion Opensuse Ubuntu Linux +1
NVD
CVSS 2.0
4.0
EPSS
2.6%
CVE-2014-3504 MEDIUM This Month

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Subversion Ubuntu Linux Serf
NVD
CVSS 2.0
4.0
EPSS
2.1%
CVE-2014-5333 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Adobe CSRF Google Microsoft Adobe Air +2
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5343 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Feng Office
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5344 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Mobiloud
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3903 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Cakifo
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy