Skip to main content
CVE-2014-6308 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.9%.

Path Traversal PHP Osclass
NVD Exploit-DB GitHub
CVSS 2.0
5.0
EPSS
77.9%
Threat
4.8
CVE-2012-5244 HIGH POC This Week

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Banana Dance
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.8%
CVE-2014-2081 HIGH POC This Week

Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vtls Virtua
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-8363 HIGH POC This Week

SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wordpress Spreadsheet
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8366 HIGH POC This Week

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Opensis
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-5701 MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF PHP SQLi Dotproject
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.7%
CVE-2012-5695 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF SQLi Smartphone Pentest Framework
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-5694 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SQLi Smartphone Pentest Framework
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5865 MEDIUM POC This Month

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Achievo
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-5275 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Text Chat Rooms
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-3978 MEDIUM POC This Month

SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tomatocart
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2014-5094 MEDIUM POC This Month

Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Status2K
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.1%
CVE-2014-8329 CRITICAL Act Now

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Technik Microcontrol Firmware Technik Microcontrol
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2012-5696 MEDIUM POC This Month

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Smartphone Pentest Framework
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5697 MEDIUM POC This Month

The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Smartphone Pentest Framework
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-6280 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Osclass
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-5866 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Achievo
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5098 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Search Module
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3830 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Tomatocart
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-8364 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wordpress Spreadsheet Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2413 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-5276 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Text Chat Rooms
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.8%
CVE-2014-5025 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Debian Linux Opensuse Cacti
NVD
CVSS 2.0
3.5
EPSS
0.5%
CVE-2014-5026 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Debian Linux Cacti Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-8330 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in EspoCRM allows remote authenticated users to inject arbitrary web script or HTML via the Name field in a new account. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3564 MEDIUM PATCH This Month

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Gpgme Ubuntu Linux +1
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2014-8331 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Huawei E3236 Firmware E3276 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-7494 MEDIUM This Month

The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) application @7F07025E for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kontan Kiosk
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7626 MEDIUM This Month

The Atme (aka com.bedigital.atme) application 1.0.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Atme
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7622 MEDIUM This Month

The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Affinity Mobile Atm Locator
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7621 MEDIUM This Month

The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ein Lookup
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7620 MEDIUM This Month

The Authors On Tour - Live!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Authors On Tour Live
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7618 MEDIUM This Month

The Interior Design (aka com.interior.design.mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Interior Design
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7617 MEDIUM This Month

The www.roads365.com (aka ydx.android) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Www Roads365 Com
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7616 MEDIUM This Month

The Physics Forums (aka com.tapatalk.physicsforumscom) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Physics Forums
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7614 MEDIUM This Month

The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Warrior Beach Retreat
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7613 MEDIUM This Month

The WASPS Official Programmes (aka com.triactivemedia.wasps) application @7F080130 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Wasps Official Programmes
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7612 MEDIUM This Month

The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure E Kiosk
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7611 MEDIUM This Month

The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lost Temple
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7610 MEDIUM This Month

The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kadinlar Kulubu Kkmobileapp
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7609 MEDIUM This Month

The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Istunt 2
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7608 MEDIUM This Month

The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Carrier Enterprise Hvac Assist
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7607 MEDIUM This Month

The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Swamiji Tv
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7606 MEDIUM This Month

The Concursive (aka com.concursive.app) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Concursive
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7605 MEDIUM This Month

The Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application 1.6.24.477 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Actors Key
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7604 MEDIUM This Month

The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Easy Tips For Glowing Skin
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7603 MEDIUM This Month

The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gravey Design
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7602 MEDIUM This Month

The FRONT (aka com.magazinecloner.front) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Front
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7598 MEDIUM This Month

The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Poker Puzzle
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7597 MEDIUM This Month

The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Fabulas Infantiles
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy