Skip to main content
CVE-2014-9581 MEDIUM POC THREAT This Month

Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

Path Traversal PHP Codiad
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.6%
CVE-2015-0920 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Banner Effect Header
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9575 MEDIUM POC This Month

VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vdg Sense
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2014-9578 MEDIUM POC This Month

VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vdg Sense
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9579 MEDIUM POC This Month

VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vdg Sense
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9576 MEDIUM POC This Month

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL Information Disclosure Microsoft Vdg Sense
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9580 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS File Upload Projectsend
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.8%
CVE-2014-9582 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Codiad
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-0918 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Sefrengo
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0917 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Kajona
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6684 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Redcloth Library Debian Linux
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9577 MEDIUM POC This Month

VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vdg Sense
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy