Skip to main content
CVE-2014-0862 CRITICAL Act Now

Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.4% and no vendor patch available.

RCE IBM Rational Collaborative Lifecycle Management
NVD
CVSS 2.0
10.0
EPSS
17.4%
CVE-2014-2089 MEDIUM POC This Month

ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Code Injection RCE Ilias
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
5.3%
CVE-2014-2088 MEDIUM POC This Month

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ilias
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.6%
CVE-2014-2092 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Cms Made Simple
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2264 HIGH This Week

The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2014-2033 HIGH This Week

The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Proxysgos
NVD
CVSS 2.0
7.9
EPSS
0.1%
CVE-2014-0334 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Cms Made Simple
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.9%
CVE-2014-2090 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Ilias
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.5%
CVE-2014-2091 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Atutor
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.5%
CVE-2014-2099 MEDIUM This Month

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-2098 MEDIUM This Month

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-2097 MEDIUM This Month

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-2243 MEDIUM PATCH This Month

includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Information Disclosure Race Condition Mediawiki
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-2242 MEDIUM PATCH This Month

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2244 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2104 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4054 MEDIUM This Month

Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal IBM Websphere Mq
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy