Skip to main content
CVE-2014-2008 HIGH POC This Week

SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Mpay24
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.9%
CVE-2014-2009 MEDIUM POC THREAT This Month

The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Information Disclosure Mpay24
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.6%
CVE-2014-6270 MEDIUM PATCH This Month

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.2%.

Denial Of Service RCE Buffer Overflow Squid Solaris
NVD
CVSS 2.0
6.8
EPSS
18.2%
CVE-2013-4444 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Tomcat Code Injection File Upload RCE Apache
NVD
CVSS 2.0
6.8
EPSS
9.5%
CVE-2012-1556 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Synology PHP Diskstation Manager Synology Photo Station
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-5259 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Blackcat Cms
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4735 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Mywebsql
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5441 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Fat Free Crm
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3362 HIGH This Week

Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence System Software Telepresence System Edge 75 Mxp Telepresence System Edge 85 Mxp +1
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-4811 HIGH PATCH This Week

IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass San Volume Controller Software Storwize V3500 Storwize V3700 +2
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-5440 HIGH This Week

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mx Smartimer
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-5888 MEDIUM This Month

The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application 1.122 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slots
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5887 MEDIUM This Month

The Yell Local Search (aka com.yell.launcher2) application 4.2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Yell Local Search
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5886 MEDIUM This Month

The iVysilani ceske televize (aka cz.motion.ivysilani) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ivysilani Ceske Televize
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5885 MEDIUM This Month

The Disaster Alert (aka disasterAlert.PDC) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Disaster Alert
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5884 MEDIUM This Month

The 1&1 Online Storage (aka de.einsundeins.smartdrive) application 5.0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 1 1 Online Storage
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5883 MEDIUM This Month

The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 7 Eleven
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-3092 MEDIUM PATCH This Month

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Doors Next Generation Rational Engineering Lifecycle Manager Rational Quality Manager +4
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4792 MEDIUM PATCH This Month

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Websphere Portal
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-3342 MEDIUM This Month

The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Cli Ios Xr
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3363 LOW Monitor

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-4762 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Websphere Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy