Skip to main content
CVE-2014-2588 MEDIUM POC THREAT This Month

Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Path Traversal Asset Manager
NVD Exploit-DB VulDB
CVSS 2.0
4.0
EPSS
18.0%
CVE-2014-2587 MEDIUM POC This Month

SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Asset Manager
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
4.9%
CVE-2013-1408 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress SQLi PHP Wysija Newsletters
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
2.6%
CVE-2012-6430 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php.

XSS PHP
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
10.9%
CVE-2014-2586 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Cloud Single Sign On
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
8.6%
CVE-2013-7345 MEDIUM POC PATCH This Month

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service File PHP Debian Linux
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-0303 MEDIUM This Month

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.3% and no vendor patch available.

RCE PHP Owncloud Owncloud Server
NVD VulDB
CVSS 2.0
6.5
EPSS
11.3%
CVE-2013-7339 MEDIUM POC PATCH This Month

The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel
NVD GitHub VulDB
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-2589 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Nsa 2400
NVD VulDB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-7343 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Flowplayer Html5
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7342 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Flowplayer Html5
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0126 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF PHP Moodle
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-7344 MEDIUM This Month

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Owncloud Owncloud Server
NVD VulDB
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-2252 MEDIUM This Month

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic S7 Cpu 1200 Firmware Simatic S7 Cpu 1211C Simatic S7 Cpu 1212C +3
NVD VulDB
CVSS 2.0
6.1
EPSS
0.2%
CVE-2014-2284 MEDIUM This Month

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Net Snmp
NVD VulDB
CVSS 2.0
5.0
EPSS
4.3%
CVE-2014-0125 MEDIUM PATCH This Month

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-0123 MEDIUM PATCH This Month

The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-2585 MEDIUM This Month

ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Owncloud Server
NVD VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-0127 MEDIUM PATCH This Month

The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

PHP Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-0122 MEDIUM PATCH This Month

mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

PHP Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-0016 MEDIUM PATCH This Month

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure OpenSSL Stunnel
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2057 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Owncloud Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7341 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Flowplayer Flash Moodle
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2572 MEDIUM PATCH This Month

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-0124 MEDIUM PATCH This Month

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-0129 MEDIUM PATCH This Month

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy