Skip to main content
CVE-2014-1236 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Graphviz
NVD GitHub
CVSS 2.0
10.0
EPSS
7.9%
CVE-2013-7282 CRITICAL POC Act Now

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ns Wir150Ne Firmware Ns Wir150Ne Ns Wir300N Firmware Ns Wir300N
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
4.4%
CVE-2014-0978 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Graphviz
NVD GitHub
CVSS 2.0
9.3
EPSS
6.5%
CVE-2014-1408 HIGH POC This Week

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Authentication Bypass C54Apm Firmware C54Apm
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-1407 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS C54Apm Firmware C54Apm
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1406 MEDIUM POC This Month

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE C54Apm Firmware C54Apm
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6321 HIGH This Week

SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Atlas Ediscovery Process Management Atlas Suite Disposal And Governance Management For It +1
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4460 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Mantisbt
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5009 HIGH This Week

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly. Rated high severity (CVSS 7.4). No vendor patch available.

Authentication Bypass Endpoint Protection
NVD
CVSS 2.0
7.4
EPSS
0.3%
CVE-2013-5011 HIGH This Week

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft Endpoint Protection
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-0664 MEDIUM This Month

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unity Connection
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-6334 MEDIUM This Month

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Atlas Ediscovery Process Management Atlas Suite Disposal And Governance Management For It +1
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-1234 LOW POC Monitor

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Paratrooper Newrelic New Relic
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-1233 LOW POC Monitor

The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Paratrooper Pingdom
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1405 MEDIUM This Month

Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect C54Apm Firmware C54Apm
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-0658 MEDIUM This Month

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
5.4
EPSS
1.7%
CVE-2013-5010 MEDIUM This Month

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0977 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Movabletype
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0663 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Secure Access Control System
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6974 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Secure Access Control System
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7288 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Mybb
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7289 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Aphpkb
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy