Skip to main content
CVE-2014-3439 MEDIUM POC This Month

ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
6.1
EPSS
9.9%
CVE-2014-3438 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.7%.

XSS Endpoint Protection Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.7%
CVE-2014-8672 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Google Rewardingyourself
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-8671 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Google Gwt Mobile Phonegap Showcase
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5430 MEDIUM This Month

Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of. Rated medium severity (CVSS 6.9). No vendor patch available.

Abb Information Disclosure Robotstudio Test Signal Viewer
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-2178 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Cisco Rv180 Firmware Rv180 Rv180W +4
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-7990 MEDIUM This Month

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe Air Ct5760 +2
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-7989 MEDIUM This Month

Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure B200 M3 B200 M4 B22 M3 +5
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-2179 MEDIUM PATCH This Month

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Cisco Information Disclosure Rv180 Firmware Rv180 Rv180W +4
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8580 MEDIUM PATCH This Month

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Citrix Privilege Escalation Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-6623 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF Aruba Clearpass
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6620 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Aruba Clearpass
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7988 MEDIUM This Month

The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unity Connection
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-8510 MEDIUM This Month

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy