Skip to main content
CVE-2013-3632 HIGH POC THREAT Act Now

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.9%.

PHP Privilege Escalation Openmediavault
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
78.9%
Threat
5.6
CVE-2013-2100 CRITICAL POC PATCH Act Now

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Portage
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2013-3092 HIGH POC This Week

The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N300 Firmware N300
NVD
CVSS 2.0
8.3
EPSS
0.7%
CVE-2013-2586 MEDIUM POC THREAT This Month

XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.6%.

XSS PHP Xampp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.6%
CVE-2013-3066 HIGH POC This Week

Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys Ea6500 Firmware Ea6500
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2013-3064 MEDIUM POC This Month

Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Linksys Ea6500 Firmware Ea6500
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-3083 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF F5D8236 4 V2
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-3089 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF N300 Firmware N300
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3086 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF N900 Firmware N900
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3068 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Linksys Linksys Wrt310N Router Firmware Linksys Wrt350N
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3065 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Linksys Ea6500 Firmware Ea6500
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3811 HIGH This Week

Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Juniper Privilege Escalation Microsoft Juniper Installer Service Client Junos Pulse Client
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-6110 LOW POC Monitor

bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Bcron Exec
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6799 MEDIUM This Month

The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Investigation Tool
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6804 MEDIUM This Month

The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Deschutes Public Mobilelibrary
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6803 MEDIUM This Month

The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bank Of Moscow Eirts Rent
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6802 MEDIUM This Month

The First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynlr) application 2.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure First Assembly Nlr
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6801 MEDIUM This Month

The frank matano (aka com.frank.matano) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Frank Matano
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6800 MEDIUM This Month

The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bloom Township 206
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6798 MEDIUM This Month

The McMaster Marauders (aka com.weever.marauders) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mcmaster Marauders
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6797 MEDIUM This Month

The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Abu Ali Anasheeds
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6796 MEDIUM This Month

The LocalSense (aka com.LocalSense) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Localsense
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6795 MEDIUM This Month

The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Beekeeping Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6794 MEDIUM This Month

The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Aapld
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6793 MEDIUM This Month

The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Arch Friend
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6792 MEDIUM This Month

The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Suriname Radio
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6791 MEDIUM This Month

The Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application 1.2.6.185 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Angel Reigns
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6790 MEDIUM This Month

The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Invex
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6789 MEDIUM This Month

The Anaheim Library 2Go!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Anaheim Library 2Go
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6788 MEDIUM This Month

The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Oman News
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6787 MEDIUM This Month

The Counter Intuition (aka com.counter.intuition) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Counter Intuition
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6786 MEDIUM This Month

The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) application 1.2.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Math For Kids Subtraction
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6785 MEDIUM This Month

The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) application 2.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Renny Mclean Ministries
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6784 MEDIUM This Month

The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application 3.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fermononrespiri Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6783 MEDIUM This Month

The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Campus Link Campus Tv Hkusu
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6782 MEDIUM This Month

The Abraham Tours (aka com.mytoursapp.android.app432) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Abraham Tours
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6781 MEDIUM This Month

The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Aloha Stadium Hawaii
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6780 MEDIUM This Month

The MeiTalk (aka com.playjia.meitalk) application @7F060012 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Meitalk
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6779 MEDIUM This Month

The Cart App (aka com.virtecha.mobilewallet) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cart App
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6778 MEDIUM This Month

The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Goat Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6777 MEDIUM This Month

The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Blueeleph
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6776 MEDIUM This Month

The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure United Advantage Nw Federal Cr
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6775 MEDIUM This Month

The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Light For Pets
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6774 MEDIUM This Month

The USEK (aka com.university.usek) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Usek
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6773 MEDIUM This Month

The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cih Quiz Game
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6772 MEDIUM This Month

The United Educational CU (aka com.metova.cuae.uecu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure United Educational Cu
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2012-5621 MEDIUM PATCH This Month

lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ekiga
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2012-6107 MEDIUM This Month

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apache Apache Axis2 C
NVD
CVSS 2.0
4.3
EPSS
3.4%
CVE-2013-1874 MEDIUM This Month

Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. Rated medium severity (CVSS 4.4). No vendor patch available.

RCE Chicken
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-3820 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti Junos Pulse Access Control Service Junos Pulse Secure Access Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy