Skip to main content
CVE-2014-0754 CRITICAL PATCH Act Now

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.9%.

Path Traversal Schneider Electric Stbnic2212 Firmware Stbnip2212 Firmware Tsxetc0101 Firmware +40
NVD
CVSS 2.0
10.0
EPSS
18.9%
CVE-2014-4823 CRITICAL PATCH Act Now

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Access Manager For Web 7 0 Firmware Security Access Manager For Web Appliance Security Access Manager For Web 8 0 Firmware +2
NVD
CVSS 2.0
10.0
EPSS
6.5%
CVE-2014-6298 HIGH PATCH This Week

Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload Mm Forum
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-3947 HIGH PATCH This Week

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload Powermail
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-6290 HIGH PATCH This Week

The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Deserialization News
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-6295 HIGH PATCH This Week

SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wec Map
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-6293 HIGH This Week

SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Statistics
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-6289 HIGH PATCH This Week

The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Yet Another Gallery Tools For Extbase Developmen
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-6288 HIGH PATCH This Week

The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Powermail
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2014-4809 HIGH PATCH This Week

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

IBM Denial Of Service Security Access Manager For Web 8 0 Firmware Security Access Manager For Web Appliance Security Access Manager For Web 7 0 Firmware
NVD
CVSS 2.0
7.1
EPSS
0.9%
CVE-2014-5410 HIGH This Week

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Rockwell Denial Of Service Ab Micrologix Controller
NVD GitHub
CVSS 2.0
7.1
EPSS
0.0%
CVE-2014-6299 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Mm Forum
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-6292 MEDIUM PATCH This Month

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Femanager
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-6905 MEDIUM This Month

The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure H2O Human Harmony Organization
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6903 MEDIUM This Month

The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gulf Power Mobile Bill Pay
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6902 MEDIUM This Month

The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Anjuke
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6901 MEDIUM This Month

The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Radios Del Ecuador
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6900 MEDIUM This Month

The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application 6.1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Eage Amsterdam 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6899 MEDIUM This Month

The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Jazeera Airways
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6898 MEDIUM This Month

The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Boopsie Mylibrary
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6897 MEDIUM This Month

The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Skyrim Map
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6896 MEDIUM This Month

The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Yik Yak
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6895 MEDIUM This Month

The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Throne Rush
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6894 MEDIUM This Month

The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lucktastic
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6079 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Mobile Appliance Security Access Manager For Web 7 0 Firmware +2
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6291 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Alphabetic Sitemap
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6297 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mm Forum
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6296 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Wec Map
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6294 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS External Links Click Statistics
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7217 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy