Skip to main content
CVE-2017-14085 MEDIUM POC PATCH THREAT This Month

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Trend Micro PHP Information Disclosure Officescan
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
12.4%
CVE-2017-15084 MEDIUM POC This Month

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Metasploit
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
0.1%
CVE-2014-8758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Gallery Bank
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-7240 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Contact Form Solution
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-8492 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Profile Builder
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-15045 MEDIUM POC This Month

LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Lame
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-15046 MEDIUM POC This Month

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lame
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-8957 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openkm
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-2145 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phpbugtracker
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.3%
CVE-2015-1828 MEDIUM PATCH This Month

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Http Rb
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2014-2903 MEDIUM This Month

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Wolfssl
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2015-1206 MEDIUM This Month

Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9273 MEDIUM This Month

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bi Directional Driver
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-2144 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Phpbugtracker
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-2148 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Phpbugtracker
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-0296 MEDIUM This Month

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Texlive
NVD
CVSS 3.0
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy