Skip to main content
CVE-2014-6808 MEDIUM This Month

The Active 24 (aka com.zentity.app.active24) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Active 24
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6807 MEDIUM This Month

The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application 1.2.7.132 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ola School
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6806 MEDIUM This Month

The Thanodi - Setswana Translator (aka com.thanodi.thanodi) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Thanodi Setswana Translator
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6805 MEDIUM This Month

The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Weibo
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6820 MEDIUM This Month

The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Amebra Ameba
NVD
CVSS 2.0
5.4
EPSS
0.0%
CVE-2012-5498 MEDIUM PATCH This Month

queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
1.0%
CVE-2012-5499 MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-5488 MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5495 MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5506 MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5496 MEDIUM PATCH This Month

kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-3558 MEDIUM PATCH This Month

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Hibernate Validator
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-5497 MEDIUM PATCH This Month

membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5505 MEDIUM PATCH This Month

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5503 MEDIUM PATCH This Month

ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5501 MEDIUM PATCH This Month

at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-5492 MEDIUM PATCH This Month

uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3395 MEDIUM This Month

Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0170 MEDIUM PATCH This Month

Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Red Hat XXE Jboss Data Virtualization Teiid
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-5491 MEDIUM PATCH This Month

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7199 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5504 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5494 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5490 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5507 MEDIUM PATCH This Month

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Zope Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6316 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS TP-Link Tl Wr841n Firmware Tl Wr841N
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5444 MEDIUM PATCH This Month

Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Geary
NVD
CVSS 2.0
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy