Skip to main content
CVE-2014-100015 MEDIUM POC THREAT This Month

Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.3%.

Path Traversal File Upload Product Data Management
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
77.3%
Threat
5.1
CVE-2014-100002 MEDIUM POC THREAT This Month

Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.9%.

Path Traversal Zoho Manageengine Supportcenter Plus
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
78.9%
Threat
4.9
CVE-2014-10001 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Appointment Scheduler
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-10014 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Event Booking Calendar
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-10008 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Stark Crm
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-10019 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF T2 B Gawv1 4U10Y Bi
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-10027 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dap 1360 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-10025 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dap 1360 Firmware
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-10034 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Couponphp
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.9%
CVE-2014-100025 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in index.php/user_data/insert_user in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Savsoft Quiz
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-10006 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF PHP Maian Uploader
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-10033 MEDIUM POC This Month

SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Merchant
NVD Exploit-DB GitHub
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-10032 MEDIUM POC This Month

SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Taboada Macronews
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-10010 MEDIUM POC This Month

Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Appointment Scheduler
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.2%
CVE-2014-100029 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Ganesha Digital Library
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.2%
CVE-2014-10035 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Couponphp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.8%
CVE-2014-10030 MEDIUM POC This Month

Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Fluxbb
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-100030 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ganesha Digital Library
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.1%
CVE-2014-10005 MEDIUM POC This Month

Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Maian Uploader
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-10026 MEDIUM POC This Month

index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dap 1360 Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-100009 MEDIUM POC This Month

The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Js Multi Hotel
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-100017 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phponlinechat
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.4%
CVE-2014-10009 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Stark Crm
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2014-100013 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Clientresponse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-10018 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS T2 B Gawv1 4U10Y Bi
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-10028 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1360 Firmware
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-100004 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Cms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100021 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Orangehrm
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100036 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Flatpress
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100028 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Webcrafted
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100038 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Storytlr
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-10007 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Maian Weblog
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-10003 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Maian Uploader
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-100016 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Photocrati
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100023 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Mtouch Quiz
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100037 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Storytlr
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100032 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Air 6372
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100027 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Wp Slimstat
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100018 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Unconfirmed
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-10016 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP E Commerce
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-100008 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Js Multi Hotel
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-10012 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Awp Classifieds
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0006 MEDIUM This Month

The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Epss exploitation probability 11.1% and no vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
6.1
EPSS
11.1%
CVE-2014-10036 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Teamcity
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-100001 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Seo Plugin Liveoptim
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2015-0302 MEDIUM This Month

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Google Information Disclosure Microsoft Flash Player +3
NVD
CVSS 2.0
5.0
EPSS
4.2%
CVE-2014-10022 MEDIUM This Month

Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Apache Traffic Server
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2014-100033 MEDIUM This Month

Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcticdesk
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-10002 MEDIUM This Month

Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 2.0
5.0
EPSS
0.0%
CVE-2015-0011 MEDIUM This Month

mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
4.7
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy