Skip to main content
CVE-2014-0561 CRITICAL PATCH Act Now

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 37.5%.

Adobe Buffer Overflow RCE Microsoft Acrobat Reader +1
NVD
CVSS 2.0
10.0
EPSS
37.5%
CVE-2014-0567 CRITICAL PATCH Act Now

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.3%.

Adobe Buffer Overflow RCE Microsoft Acrobat +1
NVD
CVSS 2.0
10.0
EPSS
30.3%
CVE-2014-0565 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.0%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +2
NVD
CVSS 2.0
10.0
EPSS
25.0%
CVE-2014-0560 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1%.

Adobe RCE Microsoft Acrobat Reader Acrobat
NVD
CVSS 2.0
10.0
EPSS
13.1%
CVE-2014-0568 CRITICAL PATCH Act Now

The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Adobe Microsoft Acrobat Reader Acrobat
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2012-1506 MEDIUM POC PATCH This Month

SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Orangehrm
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.6%
CVE-2014-0566 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
4.3%
CVE-2012-2956 MEDIUM POC This Month

SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Spiceworks
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.8%
CVE-2012-1507 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Orangehrm
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.5%
CVE-2012-6658 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.4%
CVE-2014-4621 HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
0.7%
CVE-2012-2583 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Mini Mail Dashboard Widget
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-0563 HIGH PATCH This Week

Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Adobe Buffer Overflow Microsoft Acrobat +1
NVD
CVSS 2.0
7.8
EPSS
1.7%
CVE-2012-1417 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Gigabit Color Ip Phone Sip T32G Gigabit Color Ip Phone Sip T38G Ip Phone Sip T19P Ip Phone Sip T20P +10
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.9%
CVE-2014-4622 HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-5918 MEDIUM This Month

The Secret Circle - talk freely (aka com.easyxapp.secret) application 2.2.00.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Secret Circle Talk Freely
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5917 MEDIUM This Month

The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slideshow 365
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5916 MEDIUM This Month

The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Minha Oi
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5915 MEDIUM This Month

The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tigo Copa Mundial Fifa 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5914 MEDIUM This Month

The Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) application 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Finansbank Cep Subesi
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5913 MEDIUM This Month

The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Allies In War
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5912 MEDIUM This Month

The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Innote
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5911 MEDIUM This Month

The Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Free App Icons Icon Packs
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5910 MEDIUM This Month

The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dog Whistle
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5909 MEDIUM This Month

The watcha (aka com.frograms.watcha) application 2.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Watcha
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5908 MEDIUM This Month

The Kmart (aka com.kmart.android) application @7F0C00EF for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kmart
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5907 MEDIUM This Month

The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pet Salon
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5906 MEDIUM This Month

The Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) application 1.138 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lil Wayne Slots
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-0562 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Adobe Acrobat Reader Acrobat
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-5235 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5234 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-1032 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Euroling Siteseeker Episerver
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy