Skip to main content
CVE-2014-2324 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Path Traversal Lighttpd Debian Linux Opensuse Linux Enterprise High Availability Extension +2
NVD VulDB
CVSS 2.0
5.0
EPSS
71.7%
Threat
4.7
CVE-2013-6835 MEDIUM POC THREAT This Month

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%.

Apple Privilege Escalation Iphone Os
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
19.5%
CVE-2013-6474 MEDIUM PATCH This Month

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.8%.

RCE Buffer Overflow Cups Filters Ubuntu Linux Debian Linux +1
NVD VulDB
CVSS 2.0
6.8
EPSS
20.8%
CVE-2013-6475 MEDIUM PATCH This Month

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.7%.

RCE Buffer Overflow Ubuntu Linux Debian Linux Fedora +1
NVD VulDB
CVSS 2.0
6.8
EPSS
20.7%
CVE-2014-2270 MEDIUM PATCH This Month

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Buffer Overflow File PHP Debian Linux +2
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
27.1%
CVE-2013-6473 MEDIUM PATCH This Month

Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 13.7%.

RCE Buffer Overflow Ubuntu Linux Cups Filters
NVD VulDB
CVSS 2.0
6.8
EPSS
13.7%
CVE-2013-2670 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mfc 9970Cdw Firmware Mfc 9970Cdw
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2671 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mfc 9970Cdw Firmware Mfc 9970Cdw
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-2507 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mfc 9970Cdw Firmware Mfc 9970Cdw
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2024 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Open Classifieds 2
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1758 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Watermark
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2325 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Mail Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1759 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Responsive Logo Slideshow
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1294 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1293 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1291 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Tvos +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1290 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1289 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1275 MEDIUM This Month

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-1292 MEDIUM This Month

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-0779 MEDIUM This Month

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Schneider Electric Buffer Overflow Clearscada
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-2047 MEDIUM PATCH This Month

Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6188 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

HP CSRF System Management Homepage
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0301 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0299 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4963 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Puppet Enterprise
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1399 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Puppet Enterprise Puppet
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0300 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Google Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1850 MEDIUM This Month

Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Owncloud Server Owncloud
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-2048 MEDIUM PATCH This Month

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

CSRF Privilege Escalation Owncloud Owncloud Server
NVD VulDB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-1272 MEDIUM This Month

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. Rated medium severity (CVSS 6.3). No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD VulDB
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-4496 MEDIUM This Month

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Ubuntu Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
5.5%
CVE-2013-6442 MEDIUM This Month

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba
NVD VulDB
CVSS 2.0
5.8
EPSS
1.3%
CVE-2014-1285 MEDIUM This Month

Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-2044 MEDIUM PATCH This Month

Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Open Redirect Owncloud Owncloud Server
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1282 MEDIUM This Month

The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1273 MEDIUM This Month

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1267 MEDIUM This Month

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-0467 MEDIUM This Month

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mutt Opensuse
NVD VulDB
CVSS 2.0
5.0
EPSS
1.8%
CVE-2014-2265 MEDIUM PATCH This Month

Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Contact Form 7
NVD VulDB
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-4846 MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure System Management Homepage
NVD VulDB
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1286 MEDIUM This Month

SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1939 MEDIUM PATCH This Month

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Sabredav Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1276 MEDIUM This Month

IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2049 MEDIUM PATCH This Month

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Owncloud Server Owncloud
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2086 MEDIUM PATCH This Month

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF Information Disclosure Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0694 MEDIUM This Month

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Portal
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2319 MEDIUM This Month

The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Powerarchiver
NVD VulDB
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-2089 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable.

RCE PHP Owncloud Owncloud Server
NVD
CVSS 2.0
4.6
EPSS
0.4%
CVE-2013-6476 MEDIUM PATCH This Month

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same. Rated medium severity (CVSS 4.4).

Privilege Escalation Ubuntu Linux Debian Linux Fedora Cups Filters
NVD VulDB
CVSS 2.0
4.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy