Skip to main content
CVE-2014-7153 MEDIUM POC This Month

SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Image Gallery
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.5%
CVE-2014-6602 MEDIUM POC This Month

Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Nokia Privilege Escalation Microsoft Nokia Asha 501 Software Nokia Asha 501
NVD
CVSS 2.0
6.6
EPSS
0.7%
CVE-2012-5700 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Baby Gekko
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.5%
CVE-2014-2942 HIGH This Week

Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Aviator 700D Aviator 700E
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-0484 HIGH This Week

The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment.". Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Debian Privilege Escalation Acpi Support
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-5321 MEDIUM This Month

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Filemaker Pro Filemaker Pro Advanced
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-6006 MEDIUM This Month

The Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application 0.21.13167.93474 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gratta Vinci
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5983 MEDIUM This Month

The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Threadflip Buy Sell Fashion
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6645 MEDIUM This Month

The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Batch Library
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6643 MEDIUM This Month

The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fiat Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6642 MEDIUM This Month

The Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application 2.4.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Apple Google Information Disclosure Mark S Daily Apple Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6641 MEDIUM This Month

The Homesteading Today (aka com.tapatalk.homesteadingtodaycom) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Homesteading Today
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6640 MEDIUM This Month

The DNB Trade (aka lt.dnb.mobiletrade) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dnb Trade
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6639 MEDIUM This Month

The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tio Mobilepay Bill Payments
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6638 MEDIUM This Month

The wTMDesktop (aka com.wTMDesktop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Wtmdesktop
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6637 MEDIUM This Month

The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Facebook Facts
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6636 MEDIUM This Month

The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Build 63 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lg Telepresence
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6023 MEDIUM This Month

The s-peek credit rating report (aka com.rhomobile.speek) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure S Peek Credit Rating Report
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6022 MEDIUM This Month

The Versent Books (aka com.versentbooks) application 1.1.99 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Versent Books
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6021 MEDIUM This Month

The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Harley Davidson Visa
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6020 MEDIUM This Month

The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fuel Rewards Network
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6019 MEDIUM This Month

The psychology (aka com.alek.psychology) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Psychology
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6018 MEDIUM This Month

The global beauty research (aka com.appems.topgirl) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Global Beauty Research
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6017 MEDIUM This Month

The Doodle Drop (aka net.lazyer.DoodleDrop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Doodle Drop
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6016 MEDIUM This Month

The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Celluloid
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6015 MEDIUM This Month

The TuCarro (aka com.tucarro) application 2.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tucarro
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6014 MEDIUM This Month

The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Conquest Of Fantasia
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6013 MEDIUM This Month

The nuSquare (aka tw.com.nuphoto.nusquare) application 1.0.78 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Nusquare
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6012 MEDIUM This Month

The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gravity Bounce
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6011 MEDIUM This Month

The cutprice (aka kr.co.wedoit.cutprice) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cutprice
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6010 MEDIUM This Month

The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Rasta Weed Widgets Hd
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6009 MEDIUM This Month

The Zombie Detector (aka com.jimmybolstad.zombiedetector) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Zombie Detector
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6008 MEDIUM This Month

The Blitz Bingo (aka com.appMobi.sbbingo.app) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Blitz Bingo
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6007 MEDIUM This Month

The LikeHero Get Instagram Likes (aka com.fraoula.likehero) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Likehero Get Instagram Likes
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6005 MEDIUM This Month

The Survey.com Mobile (aka com.survey.android) application 3.2.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Survey Com Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6004 MEDIUM This Month

The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pocket Cam Photo Editor
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6003 MEDIUM This Month

The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Belas Frases De Amor
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6002 MEDIUM This Month

The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dte Energy
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6001 MEDIUM This Month

The gewara (aka com.gewara) application 5.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gewara
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6000 MEDIUM This Month

The FreshDirect (aka com.freshdirect.android) application 2.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Freshdirect
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5999 MEDIUM This Month

The autonavi (aka com.telenav.doudouyou.android.autonavi) application 4.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Autonavi
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5998 MEDIUM This Month

The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Skydrive Assistant
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5997 MEDIUM This Month

The Auto Trader (aka za.co.autotrader.android.app) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Auto Trader
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5996 MEDIUM This Month

The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dekra Used Car Report
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5995 MEDIUM This Month

The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ewus Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5994 MEDIUM This Month

The ding* ezetop. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ding Ezetop Top Up Any Phone
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5993 MEDIUM This Month

The MLB Preplay (aka com.preplay.android.mlb) application 5.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mlb Preplay
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5992 MEDIUM This Month

The successsecrets (aka com.alek.successsecrets) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Successsecrets
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5991 MEDIUM This Month

The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Skin Conditions And Diseases
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5984 MEDIUM This Month

The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Little Dragons
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy