Skip to main content
CVE-2013-6343 CRITICAL POC THREAT Emergency

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

Buffer Overflow RCE Tm Ac1900 Firmware Rt N56U Firmware Rt Ac66U Firmware
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
35.0%
Threat
4.6
CVE-2014-1636 HIGH POC This Week

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Command School Student Management System
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.5%
CVE-2014-0807 MEDIUM POC This Month

data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ec Cube
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-1637 MEDIUM POC This Month

Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Command School Student Management System
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.4%
CVE-2014-0808 CRITICAL PATCH Act Now

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ec Cube
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2014-0661 HIGH This Week

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Code Injection RCE +14
NVD
CVSS 2.0
8.3
EPSS
4.0%
CVE-2013-2750 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS E107
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-0662 HIGH This Week

The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server Software Telepresence Video Communication Servers Software
NVD
CVSS 2.0
7.1
EPSS
1.5%
CVE-2014-0660 HIGH This Week

Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Telepresence Isdn Gateway Software
NVD
CVSS 2.0
7.1
EPSS
1.5%
CVE-2014-0676 MEDIUM This Month

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0671 MEDIUM This Month

Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Cisco Mediasense
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2014-0677 MEDIUM This Month

The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-0669 MEDIUM This Month

The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Asr 5000 Series Software
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0670 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Mediasense
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6746 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Filenet Case Foundation Filenet Content Manager Filenet P8 Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7305 MEDIUM This Month

fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP Authentication Bypass E107
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0806 MEDIUM This Month

The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Sleipnir Mobile
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-7304 MEDIUM PATCH This Month

Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Endpoint Security Mi Server R73
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0672 MEDIUM This Month

The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Mediasense
NVD
CVSS 2.0
4.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy