Skip to main content
CVE-2014-8090 MEDIUM POC PATCH This Month

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Ruby
NVD VulDB
CVSS 2.0
5.0
EPSS
9.5%
CVE-2014-5395 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Huawei E5180S 22 Firmware E3276 Firmware E3236 Firmware +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-7137 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dolibarr
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-7871 MEDIUM POC This Month

SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-8469 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Phpfox
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.1%
CVE-2014-8539 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Simple Email Form
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8683 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Gogs
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7194 MEDIUM PATCH This Month

TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Hashicorp Managed File Transfer Internet Server Managed File Transfer Command Center Slingshot +1
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-8000 MEDIUM This Month

Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Manager Im And Presence Service
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-7195 MEDIUM This Month

Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Silver Fabric Enabler Spotfire Deployment Kit Spotfire Web Player
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy