Skip to main content
CVE-2014-2314 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 65.8%.

Path Traversal Atlassian Jira
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
65.8%
Threat
4.3
CVE-2014-1945 HIGH POC PATCH This Week

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Opendocman
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-2317 MEDIUM POC PATCH This Month

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Opendocman
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-6233 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spagobi
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
4.9%
CVE-2014-1944 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Ilch Cms
NVD Exploit-DB GitHub VulDB
CVSS 2.0
4.3
EPSS
4.5%
CVE-2014-2315 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Thank You Counter Button
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6232 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spagobi
NVD Exploit-DB VulDB
CVSS 2.0
3.5
EPSS
0.9%
CVE-2014-2316 HIGH This Week

SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Search Everything
NVD VulDB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-2045 MEDIUM This Month

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Owncloud Server
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-1893 MEDIUM This Month

SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Owncloud
NVD VulDB
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-2046 MEDIUM This Month

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Owncloud Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4966 MEDIUM This Month

The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise
NVD VulDB
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4971 MEDIUM This Month

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Puppet Enterprise
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7322 MEDIUM This Month

usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oath Toolkit
NVD VulDB
CVSS 2.0
4.9
EPSS
0.4%
CVE-2013-2270 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Hubbub C1 600 Rt Airave Software Airave
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1890 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1599 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Sfr Box Router Firmware Sfr Box Router
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2313 MEDIUM This Month

Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Atlassian Jira
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy