Skip to main content
CVE-2014-2624 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

HP RCE Network Node Manager I
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
77.4%
Threat
5.8
CVE-2014-5519 HIGH POC THREAT Act Now

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.6%.

RCE PHP Code Injection Phpwiki
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.6%
Threat
5.5
CVE-2014-5460 MEDIUM POC PATCH THREAT This Month

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

RCE WordPress PHP File Upload Tibulant Slideshow Gallery
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
64.7%
Threat
4.7
CVE-2014-3609 MEDIUM This Month

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 82.8% and no vendor patch available.

Denial Of Service Squid
NVD
CVSS 2.0
5.0
EPSS
82.8%
CVE-2014-2223 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE PHP Code Injection File Upload Plogger
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
10.4%
CVE-2014-6235 HIGH POC PATCH This Week

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Ke Dompdf
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
9.4%
CVE-2012-0984 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.3%.

XSS PHP Xoops
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.3%
CVE-2014-6043 MEDIUM POC This Month

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Privilege Escalation Manageengine Eventlog Analyzer
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.8%
CVE-2012-4240 MEDIUM POC This Month

SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Microsoft Groupoffice
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.5%
CVE-2014-6070 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Loganalyzer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.9%
CVE-2014-3985 MEDIUM POC PATCH This Month

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Miniupnp Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.9%
CVE-2014-5393 MEDIUM POC This Month

Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jobscheduler
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-3740 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
2.3%
CVE-2014-6236 HIGH PATCH This Week

Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Lumonet Php Include
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-6231 HIGH PATCH This Week

Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Cwt Frontend Edit
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-6241 HIGH PATCH This Week

SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wt Directory
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-6233 HIGH PATCH This Week

SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Flat Manager
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-6239 HIGH PATCH This Week

SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Google Address Visualization With Google Maps
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-5868 MEDIUM This Month

The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Cisco Google Information Disclosure Cisco Technical Support
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-5881 MEDIUM This Month

The Yahoo!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Yahoo Ybox
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5882 MEDIUM This Month

The Homoo Ijiri (aka jp.co.applica) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Homoo Ijiri
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5879 MEDIUM This Month

The tvguide (aka kenneth.tvguide) application 1.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tvguide
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5878 MEDIUM This Month

The ium (aka net.ium.mobile.android) application 3.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ium
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5877 MEDIUM This Month

The TV Guide (aka net.micene.minigroup.palimpsests.lite) application 5.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tv Guide
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5876 MEDIUM This Month

The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Wd My Cloud
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5875 MEDIUM This Month

The Sylphone (aka com.sylpheo.prospectosyl) application 5.3.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sylphone
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5874 MEDIUM This Month

The SplashID (aka com.splashidandroid) application 7.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Splashid
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5873 MEDIUM This Month

The Sears (aka com.sears.android) application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sears
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5872 MEDIUM This Month

The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Safenetmobile Pass
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5871 MEDIUM This Month

The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Piwik Mobile 2
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5870 MEDIUM This Month

The Kmart (aka com.kmart.android) application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kmart
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5869 MEDIUM This Month

The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cnnmoney Portfolio
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5867 MEDIUM This Month

The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0.9.81 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Capital One Spark
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5866 MEDIUM This Month

The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ca Dmv
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5865 MEDIUM This Month

The Ask.com (aka com.ask.android) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ask Com
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5864 MEDIUM This Month

The Swish payments (aka se.bankgirot.swish) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Swish Payments
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5863 MEDIUM This Month

The mpang.gp (aka air.com.cjenm.mpang.gp) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mpang Gp
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5129 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Projectdox
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5391 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jobscheduler
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6234 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Open Graph Protocol
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6238 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Akronymmanager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6240 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Google Google Sitemap
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6232 MEDIUM PATCH This Month

Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure LDAP
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-6237 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS News Pack
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy