Skip to main content
CVE-2014-2323 CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.

SQLi Lighttpd Debian Linux Opensuse Linux Enterprise High Availability Extension +1
NVD VulDB
CVSS 3.1
9.8
EPSS
90.4%
Threat
6.2
CVE-2014-2324 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Path Traversal Lighttpd Debian Linux Opensuse Linux Enterprise High Availability Extension +2
NVD VulDB
CVSS 2.0
5.0
EPSS
71.7%
Threat
4.7
CVE-2014-0783 CRITICAL POC Emergency

Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Centum Cs 3000
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
5.3%
CVE-2014-0784 HIGH POC Act Now

Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Centum Cs 3000
NVD Exploit-DB
CVSS 2.0
8.3
EPSS
2.5%
CVE-2014-0781 CRITICAL POC Act Now

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Centum Cs 3000
NVD
CVSS 2.0
9.3
EPSS
7.5%
CVE-2014-0505 CRITICAL Act Now

Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.5% and no vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Shockwave Player
NVD VulDB
CVSS 2.0
10.0
EPSS
17.5%
CVE-2013-6835 MEDIUM POC THREAT This Month

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

Apple Privilege Escalation Iphone Os
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
19.5%
CVE-2014-1287 HIGH POC This Week

USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD Exploit-DB VulDB
CVSS 2.0
7.2
EPSS
1.1%
CVE-2013-6474 MEDIUM PATCH This Month

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.8%.

RCE Buffer Overflow Cups Filters Ubuntu Linux Debian Linux +1
NVD VulDB
CVSS 2.0
6.8
EPSS
20.8%
CVE-2013-6475 MEDIUM PATCH This Month

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.7%.

RCE Buffer Overflow Ubuntu Linux Debian Linux Fedora +1
NVD VulDB
CVSS 2.0
6.8
EPSS
20.7%
CVE-2014-2270 MEDIUM PATCH This Month

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Buffer Overflow File PHP Debian Linux +2
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
27.1%
CVE-2013-6473 MEDIUM PATCH This Month

Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 13.7%.

RCE Buffer Overflow Ubuntu Linux Cups Filters
NVD VulDB
CVSS 2.0
6.8
EPSS
13.7%
CVE-2013-6206 CRITICAL Act Now

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows remote attackers to obtain sensitive information, modify data, or cause a denial of service. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Insight Control Server Deployment Rapid Deployment Pack
NVD VulDB
CVSS 2.0
9.0
EPSS
1.6%
CVE-2013-5133 HIGH This Week

Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
8.8
EPSS
0.6%
CVE-2013-1398 HIGH This Week

The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Puppet Enterprise Puppet
NVD VulDB
CVSS 2.0
8.5
EPSS
0.6%
CVE-2013-2670 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mfc 9970Cdw Firmware Mfc 9970Cdw
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2671 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mfc 9970Cdw Firmware Mfc 9970Cdw
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-2507 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mfc 9970Cdw Firmware Mfc 9970Cdw
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2024 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Open Classifieds 2
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Watermark
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2325 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Mail Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1759 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Responsive Logo Slideshow
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1271 HIGH This Week

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os Tvos
NVD VulDB
CVSS 2.0
7.8
EPSS
0.3%
CVE-2014-2292 HIGH This Week

Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Ivanti Ive Os
NVD VulDB
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-1278 HIGH This Week

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Iphone Os Tvos
NVD VulDB
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-1280 HIGH This Week

Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD VulDB
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-1294 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1293 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1291 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1290 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1289 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1275 MEDIUM This Month

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-1292 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-0779 MEDIUM This Month

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Schneider Electric Buffer Overflow Clearscada
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-2047 MEDIUM PATCH This Month

Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6188 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF System Management Homepage
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0301 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0299 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4963 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Puppet Enterprise
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1399 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Puppet Enterprise Puppet
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0300 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Google Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1850 MEDIUM This Month

Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Owncloud Server Owncloud
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-2048 MEDIUM PATCH This Month

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

CSRF Privilege Escalation Owncloud Owncloud Server
NVD VulDB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-1272 MEDIUM This Month

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. Rated medium severity (CVSS 6.3). No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD VulDB
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-4496 MEDIUM This Month

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Ubuntu Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
5.5%
CVE-2013-6442 MEDIUM This Month

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba
NVD VulDB
CVSS 2.0
5.8
EPSS
1.3%
CVE-2014-1285 MEDIUM This Month

Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-2044 MEDIUM PATCH This Month

Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Open Redirect Owncloud Owncloud Server
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1282 MEDIUM This Month

The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1273 MEDIUM This Month

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy