Skip to main content
CVE-2014-1610 MEDIUM POC THREAT This Month

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 48.0%.

PHP File Upload Mediawiki
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
48.0%
Threat
4.1
CVE-2013-7246 CRITICAL POC THREAT Emergency

Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 33.7%.

Buffer Overflow RCE Daumgame Activex Control
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
33.7%
Threat
4.4
CVE-2013-1376 CRITICAL Act Now

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.0% and no vendor patch available.

Buffer Overflow Adobe RCE Acrobat Reader Acrobat
NVD
CVSS 2.0
10.0
EPSS
23.0%
CVE-2014-0793 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Komento
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-3090 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS N300
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3087 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS N900
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3084 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS F5D8236 4
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0177 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Java XSS Ofbiz
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
4.2%
CVE-2012-3000 HIGH This Week

Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Big Ip Webaccelerator Big Ip Global Traffic Manager Big Ip Local Traffic Manager +7
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-0838 HIGH This Week

The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0835 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Qradar Security Information And Event Manager
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-1612 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mediatrix Voip Gateway 4402 Firmware Mediatrix Voip Gateway
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1611 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Anonymous Posting
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0836 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7303 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Spip
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1837 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Komento
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0837 MEDIUM This Month

The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy