Skip to main content
CVE-2015-0307 HIGH PATCH This Week

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Google Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
8.5
EPSS
5.6%
CVE-2014-100030 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ganesha Digital Library
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.1%
CVE-2014-10005 MEDIUM POC This Month

Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Maian Uploader
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-10026 MEDIUM POC This Month

index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dap 1360 Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-100009 MEDIUM POC This Month

The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Js Multi Hotel
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-100017 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phponlinechat
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.4%
CVE-2014-10009 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Stark Crm
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2014-100013 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Clientresponse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-10018 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS T2 B Gawv1 4U10Y Bi
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-10028 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1360 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-100004 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Cms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100021 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Orangehrm
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100036 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Flatpress
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100028 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Webcrafted
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100038 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Storytlr
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-10007 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Maian Weblog
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-10003 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Maian Uploader
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100016 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Photocrati
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100023 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Mtouch Quiz
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100037 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Storytlr
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100032 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Air 6372
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100027 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Wp Slimstat
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100018 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Unconfirmed
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-10016 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP E Commerce
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100008 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Js Multi Hotel
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-10012 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Awp Classifieds
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0006 MEDIUM This Month

The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Epss exploitation probability 11.1% and no vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
6.1
EPSS
11.1%
CVE-2014-10036 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Teamcity
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-100019 HIGH This Week

SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pomm
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-100035 HIGH This Week

SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Arcticdesk
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-100001 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Seo Plugin Liveoptim
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-100039 LOW POC Monitor

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Malwarebytes Anti Exploit
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.5%
CVE-2015-0302 MEDIUM This Month

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Google Information Disclosure Microsoft Flash Player +3
NVD
CVSS 2.0
5.0
EPSS
4.2%
CVE-2014-10022 MEDIUM This Month

Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Apache Traffic Server
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2014-100033 MEDIUM This Month

Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcticdesk
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-10002 MEDIUM This Month

Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 2.0
5.0
EPSS
0.0%
CVE-2015-0011 MEDIUM This Month

mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
4.7
EPSS
0.5%
CVE-2014-100010 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Clansphere
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100007 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Hk Exif Tags
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100034 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Arcticdesk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100024 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Seo Panel
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100026 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress PHP April S Super Functions Pack
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100006 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Webtrees
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0001 LOW Monitor

The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation Microsoft Windows 8 Windows 8 1 Windows Rt +2
NVD
CVSS 2.0
1.9
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy