Skip to main content
CVE-2014-0329 CRITICAL POC THREAT Emergency

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.0%.

Zte Authentication Bypass Zxv10 W300
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
25.0%
Threat
4.1
CVE-2013-3365 HIGH POC This Week

TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Command Injection Tew 812Dru
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
6.8%
CVE-2013-7183 HIGH POC This Week

cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Swc 9100
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
9.9%
CVE-2013-7179 HIGH POC This Week

The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swc 9100
NVD Exploit-DB
CVSS 2.0
8.3
EPSS
1.9%
CVE-2014-1694 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Otrs
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-6493 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Nexpose
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-3098 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Tew 812Dru Firmware Tew 812Dru
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-6035 CRITICAL Act Now

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Gatehouse Bgan 9201 +6
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2012-2108 CRITICAL Act Now

Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Csound
NVD
CVSS 2.0
9.3
EPSS
5.8%
CVE-2012-2107 CRITICAL Act Now

Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Csound
NVD
CVSS 2.0
9.3
EPSS
5.1%
CVE-2012-2106 CRITICAL Act Now

Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Csound
NVD
CVSS 2.0
9.3
EPSS
4.8%
CVE-2013-6032 CRITICAL Act Now

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 25Xxn C52X C53X C77X +19
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2013-6034 CRITICAL Act Now

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gatehouse Bgan 9201 9450 +5
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2014-1471 HIGH PATCH This Week

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Otrs
NVD GitHub
CVSS 2.0
7.5
EPSS
1.6%
CVE-2013-5427 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Infosphere Master Data Management Collaboration Server Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0686 MEDIUM This Month

Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and. Rated medium severity (CVSS 6.0). No vendor patch available.

Privilege Escalation Cisco Unified Communications Manager
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2012-0875 MEDIUM This Month

SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Denial Of Service Systemtap
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-7182 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet XSS Fortios
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-7181 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet XSS Fortiweb
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-0834 MEDIUM This Month

IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM General Parallel File System
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2013-6033 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS C52X C53X C920 C935Dn +5
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-1458 LOW Monitor

Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet XSS Fortiweb
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-0019 LOW PATCH Monitor

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the. Rated low severity (CVSS 1.9).

Buffer Overflow Denial Of Service Socat Fedora Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy