Skip to main content
CVE-2013-2641 MEDIUM POC THREAT This Month

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Path Traversal Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
82.3%
Threat
5.0
CVE-2014-2087 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 36.8%.

RCE Buffer Overflow Free Download Manager
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
36.8%
Threat
4.5
CVE-2014-2533 HIGH POC THREAT Act Now

/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 26.2%.

Privilege Escalation Qnx Neutrino Rtos
NVD Exploit-DB VulDB
CVSS 2.0
7.2
EPSS
26.2%
CVE-2013-2642 CRITICAL POC THREAT Emergency

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
12.0%
CVE-2014-0098 MEDIUM PATCH This Month

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.0%.

Denial Of Service Apache Http Server Secure Global Desktop Ubuntu Linux +1
NVD VulDB
CVSS 2.0
5.0
EPSS
41.0%
CVE-2013-3938 CRITICAL Act Now

Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.2% and no vendor patch available.

RCE Buffer Overflow Xnview
NVD VulDB
CVSS 2.0
9.3
EPSS
12.2%
CVE-2013-2619 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Path Traversal Aspen
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
13.4%
CVE-2014-1608 HIGH POC PATCH This Week

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Mantisbt Debian Linux
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-6438 MEDIUM PATCH This Month

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.2%.

Denial Of Service Apache Http Server Ubuntu Linux Apache HTTP Server
NVD VulDB
CVSS 2.0
5.0
EPSS
30.2%
CVE-2014-2241 MEDIUM POC This Month

The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Freetype Ubuntu Linux
NVD VulDB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-0132 MEDIUM POC PATCH This Month

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass 389 Directory Server
NVD VulDB
CVSS 2.0
6.5
EPSS
0.6%
CVE-2012-5641 MEDIUM POC PATCH This Month

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Apache Couchdb Mochiweb
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
3.7%
CVE-2014-2534 MEDIUM POC This Month

/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Qnx Neutrino Rtos
NVD Exploit-DB VulDB
CVSS 2.0
4.9
EPSS
0.7%
CVE-2013-2643 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos PHP Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-0201 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Owncloud Owncloud Server
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2537 HIGH PATCH This Week

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Sophos Denial Of Service Unified Threat Management Software Unified Threat Management
NVD VulDB
CVSS 2.0
7.8
EPSS
1.7%
CVE-2014-0057 HIGH This Week

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Red Hat Cloudforms Cloudforms 3 0 Management Engine
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-1975 MEDIUM This Month

Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Google Unzipper
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-1976 MEDIUM This Month

The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Demaecan
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5650 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Couchdb
NVD VulDB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-2536 MEDIUM This Month

Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Intel Expressway Cloud Access 360 Cloud Identity Manager Cloud Single Sign On
NVD VulDB
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-2532 MEDIUM This Month

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

SSH Privilege Escalation
NVD VulDB
CVSS 3.1
4.2
EPSS
0.2%
CVE-2014-2535 MEDIUM This Month

Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Web Gateway
NVD VulDB
CVSS 2.0
4.0
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy