Skip to main content
CVE-2012-1506 MEDIUM POC PATCH This Month

SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Orangehrm
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.6%
CVE-2012-2956 MEDIUM POC This Month

SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Spiceworks
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.8%
CVE-2012-1507 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Orangehrm
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.5%
CVE-2012-6658 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.4%
CVE-2012-2583 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Mini Mail Dashboard Widget
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-5918 MEDIUM This Month

The Secret Circle - talk freely (aka com.easyxapp.secret) application 2.2.00.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Secret Circle Talk Freely
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5917 MEDIUM This Month

The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slideshow 365
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5916 MEDIUM This Month

The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Minha Oi
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5915 MEDIUM This Month

The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tigo Copa Mundial Fifa 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5914 MEDIUM This Month

The Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) application 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Finansbank Cep Subesi
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5913 MEDIUM This Month

The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Allies In War
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5912 MEDIUM This Month

The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Innote
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5911 MEDIUM This Month

The Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Free App Icons Icon Packs
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5910 MEDIUM This Month

The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dog Whistle
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5909 MEDIUM This Month

The watcha (aka com.frograms.watcha) application 2.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Watcha
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5908 MEDIUM This Month

The Kmart (aka com.kmart.android) application @7F0C00EF for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kmart
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5907 MEDIUM This Month

The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pet Salon
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5906 MEDIUM This Month

The Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) application 1.138 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lil Wayne Slots
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-0562 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Adobe Acrobat Reader Acrobat
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-5235 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5234 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-1032 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Euroling Siteseeker Episerver
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy