Skip to main content
CVE-2014-2647 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS HP Operations Agent
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.1%
CVE-2014-3408 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Optical
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-7874 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

HP CSRF System Management Homepage Hp Ux
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5421 MEDIUM This Month

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pyxis Supplystation
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4833 MEDIUM This Month

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-7057 MEDIUM This Month

The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hong Kong Tatler Society
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-7483 MEDIUM This Month

The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Desire2Learn Fusion 2014
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7481 MEDIUM This Month

The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Etg Hosting
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7478 MEDIUM This Month

The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Nashaplaneta Su
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7476 MEDIUM This Month

The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Healthy Lunch Diet Recipes
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7475 MEDIUM This Month

The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ionic View
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7472 MEDIUM This Month

The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Csapp Colegio San Agustin
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7471 MEDIUM This Month

The international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure International Arbitration Attorney Com
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7470 MEDIUM This Month

The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure I Know The Movie
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7469 MEDIUM This Month

The Best Beginning (aka com.bbbeta) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Best Beginning
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7468 MEDIUM This Month

The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ag Klettern Odenwald
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7467 MEDIUM This Month

The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Honeybee Mag
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7466 MEDIUM This Month

The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Live Tv Browser
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7465 MEDIUM This Month

The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pc Advisor
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7464 MEDIUM This Month

The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Magic Stamp
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7463 MEDIUM This Month

The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Im5 Fans Planet
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7462 MEDIUM This Month

The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fashion Story
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7461 MEDIUM This Month

The A King Sperm by Dr. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure A King Sperm By Dr Seema Rao
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7460 MEDIUM This Month

The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application 1.123 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slots Heaven
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7459 MEDIUM This Month

The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application 1.0011.b0011 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Press Leader
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7458 MEDIUM This Month

The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bloomyou Valentine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7457 MEDIUM This Month

The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Electronics For You
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7456 MEDIUM This Month

The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Digit Magazine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7455 MEDIUM This Month

The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Zoella Unofficial
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7454 MEDIUM This Month

The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Detox Juicing Diet Recipes
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7452 MEDIUM This Month

The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Shaklee Product Catalog
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7450 MEDIUM This Month

The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Allnurses
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7449 MEDIUM This Month

The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure My Ngemc Account
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7448 MEDIUM This Month

The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dealside Institutional
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7447 MEDIUM This Month

The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Dattch The Lesbian App
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7446 MEDIUM This Month

The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bilingual Magic Ball
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7445 MEDIUM This Month

The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Legend Of Trance
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7444 MEDIUM This Month

The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Baidu Navigation
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7443 MEDIUM This Month

The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Face Fun Photo Collage Maker 2
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7441 MEDIUM This Month

The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pakan Ken Tube
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7439 MEDIUM This Month

The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bene Odmeny A Slevy
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7437 MEDIUM This Month

The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Love Horoscope Guide
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7436 MEDIUM This Month

The SOS recette (aka com.sos.recette) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Sos Recette
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7435 MEDIUM This Month

The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ajd Bail Bonds
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7434 MEDIUM This Month

The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Rtsinfo
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7433 MEDIUM This Month

The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Student Id
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7432 MEDIUM This Month

The CalculatorApp (aka com.intuit.alm.testandroidapp) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Calculatorapp
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7431 MEDIUM This Month

The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Breeze Jersey
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7430 MEDIUM This Month

The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Flood It
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7428 MEDIUM This Month

The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 7725 Com Three Kingdoms
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy