Skip to main content
CVE-2014-6299 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Mm Forum
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-6292 MEDIUM PATCH This Month

The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Femanager
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-6905 MEDIUM This Month

The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure H2O Human Harmony Organization
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6903 MEDIUM This Month

The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gulf Power Mobile Bill Pay
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6902 MEDIUM This Month

The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Anjuke
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6901 MEDIUM This Month

The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Radios Del Ecuador
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6900 MEDIUM This Month

The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application 6.1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Eage Amsterdam 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6899 MEDIUM This Month

The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Jazeera Airways
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6898 MEDIUM This Month

The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Boopsie Mylibrary
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6897 MEDIUM This Month

The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Skyrim Map
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6896 MEDIUM This Month

The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Yik Yak
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6895 MEDIUM This Month

The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Throne Rush
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6894 MEDIUM This Month

The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lucktastic
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6079 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Mobile Appliance Security Access Manager For Web 7 0 Firmware +2
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6291 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Alphabetic Sitemap
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6297 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Mm Forum
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6296 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Wec Map
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6294 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS External Links Click Statistics
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy