Skip to main content
CVE-2017-14841 MEDIUM POC This Month

Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Annual Maintenance Contract Management System
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.7%
CVE-2017-14524 MEDIUM POC This Month

Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2015-7349 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Citrix Digipass
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14622 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP 2Kb Amazon Affiliates Store
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2014-9686 MEDIUM POC This Month

The Googlemaps plugin 3.2 and earlier for Joomla!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service PHP Googlemaps
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2015-1526 MEDIUM POC This Month

The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-5613 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS October
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1591 MEDIUM PATCH This Month

IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Datapower Gateway
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-14525 MEDIUM This Month

Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Documentum Administrator Documentum Webtop
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14775 MEDIUM PATCH This Month

Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Laravel
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2014-8878 MEDIUM PATCH This Month

KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Kmail
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2015-7256 MEDIUM This Month

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Information Disclosure Nwa1100 N Firmware Nwa1100 Nh Firmware Nwa1121 Ni Firmware +22
NVD
CVSS 3.0
5.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy