Skip to main content
CVE-2014-3704 HIGH POC PATCH THREAT Act Now

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

SQLi Drupal Debian Linux
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
93.9%
Threat
5.8
CVE-2014-7237 MEDIUM POC THREAT This Month

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.6%.

RCE Privilege Escalation Microsoft Twiki Windows
NVD
CVSS 2.0
6.8
EPSS
29.6%
CVE-2014-8306 HIGH POC This Week

SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cart Engine
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-8305 MEDIUM POC This Month

Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Cart Engine
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
3.1%
CVE-2014-8316 MEDIUM POC This Month

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE SAP Businessobjects Explorer
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-8307 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Cart Engine
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-7138 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Google PHP Google Calendar Events
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-7181 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Maxbuttons
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3666 HIGH PATCH This Week

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Jenkins Code Injection Openshift
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-3686 MEDIUM This Month

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hostapd Wpa Supplicant Ubuntu Linux Debian Linux
NVD
CVSS 2.0
6.8
EPSS
4.7%
CVE-2014-8240 HIGH This Week

Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Tigervnc
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-8310 HIGH This Week

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SAP Businessobjects
NVD
CVSS 2.0
7.1
EPSS
2.5%
CVE-2014-8313 MEDIUM This Month

Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Code Injection Hana
NVD
CVSS 2.0
6.0
EPSS
0.8%
CVE-2014-3663 MEDIUM PATCH This Month

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Openshift
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-7035 MEDIUM This Month

The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Harmonizers Planet
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-7050 MEDIUM This Month

The givenu give (aka com.givenu.give) application 1.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Givenu Give
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7049 MEDIUM This Month

The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Somtodo Task To Do Widget
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7048 MEDIUM This Month

The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bear Id Lock
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7045 MEDIUM This Month

The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bust Out Bail
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7044 MEDIUM This Month

The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Street Walker
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7043 MEDIUM This Month

The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cadpage
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7042 MEDIUM This Month

The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure My Ntelos
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7041 MEDIUM This Month

The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Simgene
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7040 MEDIUM This Month

The UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Unicredit Investors
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7039 MEDIUM This Month

The Wild Women United (aka com.wildwomenunited) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Wild Women United
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7038 MEDIUM This Month

The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Al Jazeera
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7037 MEDIUM This Month

The Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Noble Sticker Free
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7036 MEDIUM This Month

The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Quest Federal Cu Mobile
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7034 MEDIUM This Month

The Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application 1.2.2.160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Senator Inn Spa
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7033 MEDIUM This Month

The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cure Viewer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7032 MEDIUM This Month

The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Myhabit
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7031 MEDIUM This Month

The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Redatoms Three
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7030 MEDIUM This Month

The Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dieta Dukan Passo A Passo
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7029 MEDIUM This Month

The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bultmonster Registret
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7028 MEDIUM This Month

The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ibis Pau Centre
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7027 MEDIUM This Month

The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Esercizi Per Le Donne
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7026 MEDIUM This Month

The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Life Time Fitness
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7025 MEDIUM This Month

The Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Who Is It Lite Name Caller Time Limited Free
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7024 MEDIUM This Month

The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hardest Game Collection
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7023 MEDIUM This Month

The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Find Color
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7022 MEDIUM This Month

The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Modelisme Com Forum Portail
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7021 MEDIUM This Month

The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Leg Surgery Kids Games
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7020 MEDIUM This Month

The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application 3.9.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Diabetes Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7019 MEDIUM This Month

The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Clarks Inn
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7018 MEDIUM This Month

The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Love Dance
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7017 MEDIUM This Month

The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Tim Ban Bon Phuong
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7016 MEDIUM This Month

The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mahasna Batik
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7015 MEDIUM This Month

The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Jj Texas Hold Em Poker
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7013 MEDIUM This Month

The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application 0.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Funny Photo Color Editor
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7012 MEDIUM This Month

The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Coffee Inn
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy