Skip to main content
CVE-2012-5242 MEDIUM POC This Month

Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal PHP Banana Dance
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
5.1%
CVE-2012-5243 MEDIUM POC THREAT This Month

functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

PHP Privilege Escalation Banana Dance
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.6%
CVE-2014-2531 MEDIUM POC This Month

SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Control Panel
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.7%
CVE-2014-8375 MEDIUM POC This Month

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Gb Gallery Slideshow
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.4%
CVE-2014-7280 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Web Ui
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.4%
CVE-2014-4577 MEDIUM POC This Month

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Wp Amasin The Amazon Affiliate Shop
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2014-8380 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Splunk
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2012-5702 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Dotproject
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-8377 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Shop Script
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4517 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Cbi Referral Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4514 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Alipay
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7716 MEDIUM This Month

The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ultimate Christian Radios
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-7715 MEDIUM This Month

The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Giga Hobby
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-7714 MEDIUM This Month

The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ibon
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-7713 MEDIUM This Month

The Skin&Ink Magazine (aka com.triactivemedia.skinandink) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Skin Ink Magazine
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-7804 MEDIUM This Month

The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Gangsta Auto Thief Iii
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7803 MEDIUM This Month

The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Woodward Bail
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7802 MEDIUM This Month

The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Top Roller Coasters Europe 2
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7800 MEDIUM This Month

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Daily Green
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7799 MEDIUM This Month

The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Squishy Birds
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7797 MEDIUM This Month

The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Thai Food
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7796 MEDIUM This Month

The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure House365 Radio
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7795 MEDIUM This Month

The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Harpers Bazaar Art
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7794 MEDIUM This Month

The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Knights Of The Void
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7793 MEDIUM This Month

The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cb Calciatori Brutti
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7791 MEDIUM This Month

The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Backyard Wrestling
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7789 MEDIUM This Month

The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Zillion Muslims
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7788 MEDIUM This Month

The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Best Free Giveaways
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7787 MEDIUM This Month

The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ishuttle
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7786 MEDIUM This Month

The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure English Football Magazine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7784 MEDIUM This Month

The Schon!. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Schon Magazine
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7783 MEDIUM This Month

The Bill G. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Bill G Bennett
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7782 MEDIUM This Month

The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Macedonia Hacienda Hotel
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7781 MEDIUM This Month

The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Marijuana Handbook Lite Weed
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7780 MEDIUM This Month

The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application 1.21.38.6504 for Android does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Pakistan Cricket News
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7779 MEDIUM This Month

The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kuran In Bilimsel Mucizeleri
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7778 MEDIUM This Month

The Epc World (aka com.magzter.epcworld) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Epc World
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7777 MEDIUM This Month

The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slingshot Forum
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7776 MEDIUM This Month

The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Kavita Ks
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7775 MEDIUM This Month

The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Champak Hindi
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7774 MEDIUM This Month

The Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Herbs Flowers Dictionary
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7773 MEDIUM This Month

The Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Cleveland Football Stream
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7772 MEDIUM This Month

The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mb Tickets
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7771 MEDIUM This Month

The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure World Tamil Bayan
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7770 MEDIUM This Month

The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Lagu Pop Indonesia
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7769 MEDIUM This Month

The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Accurate Lending
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7768 MEDIUM This Month

The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Analects Of Confucius
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7767 MEDIUM This Month

The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7766 MEDIUM This Month

The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure 7 Habits Personal Development
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-7765 MEDIUM This Month

The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hundred Thousands Kid Book
NVD
CVSS 2.0
5.4
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy