Skip to main content
CVE-2014-6446 HIGH POC PATCH THREAT Act Now

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.2%.

RCE WordPress PHP Code Injection Infusionsoft Gravity Forms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.2%
Threat
5.5
CVE-2014-7152 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Mailchimp Forms Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5324 MEDIUM This Month

Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Code Injection File Upload PHP RCE +1
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-5319 MEDIUM This Month

Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Slfilemanager
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-5318 MEDIUM This Month

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Jigbrowser
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-6721 MEDIUM This Month

The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pharmaguideline
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2014-6733 MEDIUM This Month

The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure My T Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6732 MEDIUM This Month

The Westpac Mobile Banking (aka org.westpac.bank) application 5.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Westpac Mobile Banking
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6731 MEDIUM This Month

The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Alfa Bank
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6730 MEDIUM This Month

The Melodigram (aka com.minusdegree.melodigramandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Melodigram
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6729 MEDIUM This Month

The Grilling with Rich (aka com.grilling.with.rich) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Grilling With Rich
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6728 MEDIUM This Month

The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Thinkpal
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6727 MEDIUM This Month

The Mikeius (Official App) (aka com.automon.mikeius) application 1.4.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mikeius
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6726 MEDIUM This Month

The 30A (aka com.app30a) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 30A
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6725 MEDIUM This Month

The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Schoolxm
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6724 MEDIUM This Month

The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Soap Making
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6723 MEDIUM This Month

The Comics Plus (aka com.iversecomics.comicsplus.android) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Comics Plus
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6722 MEDIUM This Month

The Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pescuit Crap Lite
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6720 MEDIUM This Month

The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pesca De Carpa Lite
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6719 MEDIUM This Month

The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kayak Angler Magazine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5315 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Adobe Coldfusion Acrobat
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-4958 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Asp Net Ajax Radeditor Control
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6445 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress PHP Contact Form 7 Integrations
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy