Skip to main content
CVE-2014-6041 MEDIUM POC THREAT This Month

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 77.6%.

Privilege Escalation Google Android Browser
NVD
CVSS 2.0
5.8
EPSS
77.6%
Threat
5.0
CVE-2014-5521 MEDIUM POC This Month

plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Xrms Crm
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
8.5%
CVE-2014-0485 HIGH POC This Week

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection S3Ql
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-5340 CRITICAL PATCH Act Now

The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Check Mk
NVD
CVSS 2.0
9.3
EPSS
3.0%
CVE-2014-5452 MEDIUM POC PATCH This Month

CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS C Cda
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5076 MEDIUM POC This Month

The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Google Information Disclosure Labanquepostale
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3862 MEDIUM POC PATCH This Month

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure C Cda
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3861 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS C Cda
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5137 MEDIUM This Month

Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sierra
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-5339 MEDIUM PATCH This Month

Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Information Disclosure Check Mk
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2014-5136 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Sierra
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6064 MEDIUM This Month

The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Web Gateway
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy