Skip to main content
CVE-2014-8775 MEDIUM POC THREAT This Month

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

Information Disclosure Modx Revolution
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.1%
CVE-2014-8773 MEDIUM POC This Month

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Modx Revolution
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8771 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF X3 Cms
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9235 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoph
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.7%
CVE-2014-9018 MEDIUM POC This Month

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecast
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-9238 MEDIUM POC This Month

D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-9234 MEDIUM POC This Month

Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dcs 2103 Hd Cube Network Camera Firmware
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-9241 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Mybb
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-8774 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Modx Revolution
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-9243 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Websitebaker
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9236 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Zoph
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3988 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Kcfinder
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-8104 MEDIUM This Month

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mageia Debian Linux Opensuse Openvpn +2
NVD
CVSS 2.0
6.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy