Skip to main content
CVE-2012-5192 MEDIUM POC THREAT This Month

Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.3%.

PHP Path Traversal Bitweaver
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
58.3%
Threat
4.2
CVE-2013-6650 HIGH POC This Week

The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Google Debian Linux Chrome +1
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2013-6649 HIGH POC This Week

Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Chrome Debian Linux Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-6838 CRITICAL Act Now

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivr Pro
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1681 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
10.0
EPSS
0.3%
CVE-2013-5094 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Vulnerability Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.6%
CVE-2013-7135 HIGH This Week

The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Proc
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-1640 LOW Monitor

axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Axiom
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-1624 LOW PATCH Monitor

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to. Rated low severity (CVSS 3.3).

Python Information Disclosure Pyxdg
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-1639 LOW Monitor

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Syncevolution
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-1638 LOW Monitor

(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new. Rated low severity (CVSS 3.3). No vendor patch available.

Debian Information Disclosure Localepurge
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-0647 LOW Monitor

The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Starbucks
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1604 LOW PATCH Monitor

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Python Information Disclosure Rply
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy