Skip to main content
CVE-2014-9129 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Cm Download Manager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-6040 MEDIUM POC PATCH This Month

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Glibc
NVD
CVSS 2.0
5.0
EPSS
7.2%
CVE-2014-9140 MEDIUM POC PATCH This Month

Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Tcpdump
NVD GitHub
CVSS 2.0
5.0
EPSS
5.5%
CVE-2014-9292 MEDIUM POC This Month

Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP SSRF Jrss Widget
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-6656 MEDIUM POC This Month

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Ubuntu Linux Glibc
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-8123 MEDIUM POC This Month

Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Antiword
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-9143 MEDIUM POC This Month

Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Td5130 Router Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.6%
CVE-2014-9142 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Td5130 Router Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-8800 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Nextend Facebook Connect
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.1%
CVE-2014-7258 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Clip Board
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9212 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Altitude Unified Customer Interaction
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3627 MEDIUM PATCH This Month

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Apache Hadoop
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-7243 MEDIUM This Month

LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure L 04D L 09C L 03E
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7259 MEDIUM This Month

SQUARE ENIX Co., Ltd. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Kaku San Sei Million Aruthur
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7252 MEDIUM This Month

Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Disney Mobile Arrows Tab Lte F 01D Softbank 102Sh Regza Phone T 01D +2
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-7254 MEDIUM This Month

Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Arrows Me F 11D
NVD
CVSS 2.0
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy