Skip to main content
CVE-2014-8499 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.9%.

Zoho SQLi Password Manager Pro
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
74.9%
Threat
5.0
CVE-2012-1669 MEDIUM POC THREAT This Month

Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 20.1%.

Path Traversal PHP Phpmoneybooks
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
20.1%
CVE-2014-8498 MEDIUM POC This Month

SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho SQLi Manageengine Password Manager Pro
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.6%
CVE-2014-8953 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Php Scriptlerim Who S Who
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8727 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Big Ip Local Traffic Manager
NVD Exploit-DB
CVSS 2.0
6.2
EPSS
0.2%
CVE-2012-6665 MEDIUM POC This Month

Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal PHP Phpmoneybooks
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.4%
CVE-2014-8954 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phpsound
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-8955 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Clean And Simple Contact Form
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5277 MEDIUM PATCH This Month

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Information Disclosure Docker Py
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3629 MEDIUM This Month

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache XXE Microsoft Qpid
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2014-8732 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Phpmemcachedadmin
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy