Skip to main content
CVE-2014-2321 CRITICAL POC THREAT Emergency

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

Privilege Escalation Zte F460 F660
NVD VulDB
CVSS 2.0
10.0
EPSS
92.0%
Threat
6.3
CVE-2013-3928 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.1%.

RCE Buffer Overflow Chasys Draw Ies
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
76.1%
Threat
5.6
CVE-2014-0094 MEDIUM POC PATCH THREAT This Month

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.1%.

Information Disclosure Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
93.1%
Threat
5.3
CVE-2014-2299 CRITICAL POC THREAT Emergency

Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 66.9%.

Denial Of Service RCE Buffer Overflow Wireshark
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
66.9%
Threat
5.4
CVE-2013-4467 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.3%.

PHP SQLi Vicidial
NVD Exploit-DB GitHub VulDB
CVSS 2.0
6.5
EPSS
78.3%
Threat
5.1
CVE-2013-5639 HIGH POC This Week

Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Gnew
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
4.6%
CVE-2014-2318 HIGH POC This Week

SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Netvolution
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-3961 MEDIUM POC This Month

SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Php Agenda
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
1.9%
CVE-2013-7334 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF SQLi Imagecms
NVD VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2754 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Umi Cms
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6290 MEDIUM POC This Month

SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SQLi Imagecms
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
1.6%
CVE-2014-2309 MEDIUM POC This Month

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel Opensuse +1
NVD VulDB
CVSS 2.0
6.1
EPSS
0.9%
CVE-2013-6941 CRITICAL Act Now

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-6207 CRITICAL Act Now

Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Sitescope
NVD VulDB
CVSS 2.0
9.4
EPSS
2.5%
CVE-2014-0100 CRITICAL PATCH Act Now

Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Denial Of Service Race Condition Linux Linux Kernel
NVD VulDB
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-4413 MEDIUM POC PATCH This Month

Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Wicked
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-6031 MEDIUM POC This Month

The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information,. Rated medium severity (CVSS 4.3). Public exploit code available and no vendor patch available.

Huawei Authentication Bypass E355 Firmware E355
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
3.7%
CVE-2014-2283 MEDIUM POC This Month

epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD VulDB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-2281 MEDIUM POC PATCH This Month

The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Wireshark
NVD VulDB
CVSS 2.0
4.3
EPSS
3.1%
CVE-2013-2289 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Batavi
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-0101 HIGH PATCH This Week

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Enterprise Linux Desktop +25
NVD GitHub VulDB
CVSS 2.0
7.8
EPSS
3.1%
CVE-2014-2311 HIGH This Week

SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Modx Revolution
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-0049 HIGH PATCH This Week

Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that. Rated high severity (CVSS 7.4). This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Linux Buffer Overflow Linux Kernel
NVD GitHub VulDB
CVSS 2.0
7.4
EPSS
0.2%
CVE-2014-0004 MEDIUM PATCH This Month

Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. Rated medium severity (CVSS 6.9).

Denial Of Service RCE Buffer Overflow Udisks Ubuntu Linux
NVD VulDB
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-6942 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0106 MEDIUM PATCH This Month

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended. Rated medium severity (CVSS 6.6).

Authentication Bypass Mac Os X Sudo
NVD VulDB
CVSS 2.0
6.6
EPSS
0.1%
CVE-2013-4189 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Plone
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-0899 MEDIUM This Month

ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Aix
NVD VulDB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-6200 MEDIUM This Month

Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Hp Ux
NVD VulDB
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-4191 MEDIUM PATCH This Month

zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Plone
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-4195 MEDIUM PATCH This Month

Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Plone
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-4197 MEDIUM PATCH This Month

member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Plone
NVD VulDB
CVSS 2.0
5.5
EPSS
0.5%
CVE-2014-0102 MEDIUM PATCH This Month

The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause. Rated medium severity (CVSS 5.2).

Denial Of Service Linux Linux Kernel
NVD VulDB
CVSS 2.0
5.2
EPSS
0.2%
CVE-2013-6939 MEDIUM This Month

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-6938 MEDIUM This Month

Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4196 MEDIUM PATCH This Month

The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plone
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6943 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Citrix Code Injection Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6940 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2282 MEDIUM PATCH This Month

The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Wireshark
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6037 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Secure Mail Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4188 MEDIUM PATCH This Month

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Plone
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1839 MEDIUM PATCH This Month

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. Rated medium severity (CVSS 4.4).

Information Disclosure Opensuse Logilab Common
NVD VulDB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-1838 MEDIUM PATCH This Month

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via. Rated medium severity (CVSS 4.4).

Information Disclosure Opensuse Logilab Common
NVD VulDB
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-4433 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Xhprof
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4194 MEDIUM PATCH This Month

The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Plone
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4193 MEDIUM PATCH This Month

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Plone
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6944 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4190 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Plone
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4198 MEDIUM PATCH This Month

mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plone
NVD VulDB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-4192 MEDIUM PATCH This Month

sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Plone
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy