Skip to main content
CVE-2014-4312 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.2%.

XSS Epicor Enterprise
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.2%
CVE-2014-4873 MEDIUM POC This Month

SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Track It
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.9%
CVE-2014-4874 MEDIUM POC THREAT This Month

BMC Track-It!. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.1%.

Information Disclosure Track It
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
16.1%
CVE-2014-7200 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Dmmjobcontrol
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.0%
CVE-2014-4737 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Textpattern
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-6315 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Photo Gallery Plugin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7139 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Contact Form Db
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6243 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Ewww Image Optimizer Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3390 MEDIUM This Month

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3391 MEDIUM This Month

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4867 MEDIUM This Month

Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cryoserver Security Appliance
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3581 MEDIUM PATCH This Month

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Apache Http Server Ubuntu Linux +8
NVD
CVSS 2.0
5.0
EPSS
4.8%
CVE-2014-7047 MEDIUM This Month

The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ocean Avenue Mobile Pro
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7046 MEDIUM This Month

The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure George Wassouf
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5298 MEDIUM This Month

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation File Upload X2Engine
NVD GitHub
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-3402 MEDIUM This Month

The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Authentication Bypass Intrusion Prevention System
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3201 MEDIUM This Month

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Buffer Overflow Chrome
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3403 MEDIUM This Month

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-3394 MEDIUM This Month

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Virtual Appliance Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-3405 MEDIUM This Month

Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces,. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Code Injection Ios Xe
NVD
CVSS 2.0
4.8
EPSS
0.2%
CVE-2014-4661 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Records Manager
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-3393 MEDIUM This Month

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-6439 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Elastic Elasticsearch
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4488 MEDIUM This Month

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Libgadu
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3678 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins Monitoring Plugin
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3404 MEDIUM This Month

The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-4761 MEDIUM PATCH This Month

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Portal
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy