Skip to main content
CVE-2014-8334 MEDIUM POC PATCH This Month

The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection WordPress Wp Dbmanager
NVD
CVSS 2.0
6.5
EPSS
4.3%
CVE-2014-8577 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.1%.

XSS Croogo
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.1%
CVE-2014-7177 MEDIUM POC THREAT This Month

XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

XXE Tuleap
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
12.3%
CVE-2014-8082 MEDIUM POC This Month

lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Testlink
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-7986 MEDIUM POC PATCH This Month

install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Espocrm
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-7987 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Espocrm
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3708 MEDIUM POC PATCH This Month

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nova Openstack
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2014-3366 MEDIUM This Month

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-0334 MEDIUM PATCH This Month

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bundler Opensuse Fedora
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8495 MEDIUM PATCH This Month

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apple Citrix Information Disclosure Xenmobile
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3375 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3374 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3373 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3372 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3473 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-6101 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2335 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2334 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2336 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortimanager Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8333 MEDIUM PATCH This Month

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Openstack Nova
NVD
CVSS 2.0
4.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy