Skip to main content
CVE-2014-2089 MEDIUM POC This Month

ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Code Injection RCE Ilias
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
5.3%
CVE-2014-2088 MEDIUM POC This Month

Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ilias
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.6%
CVE-2014-2092 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Cms Made Simple
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2099 MEDIUM This Month

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-2098 MEDIUM This Month

libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-2097 MEDIUM This Month

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-2243 MEDIUM PATCH This Month

includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Information Disclosure Race Condition Mediawiki
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-2242 MEDIUM PATCH This Month

includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2244 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2104 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4054 MEDIUM This Month

Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal IBM Websphere Mq
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy