Skip to main content
CVE-2014-1691 HIGH POC PATCH THREAT Act Now

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.3%.

RCE PHP Code Injection Horde Application Framework
NVD GitHub Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
81.3%
Threat
5.4
CVE-2014-0050 HIGH POC PATCH THREAT Act Now

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Tomcat Denial Of Service Java Privilege Escalation Apache +2
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
92.7%
Threat
5.8
CVE-2013-7349 HIGH POC This Week

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gnew
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
7.9%
CVE-2013-5640 HIGH POC This Week

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gnew
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0633 HIGH This Week

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Vplex Geosynchrony
NVD VulDB
CVSS 2.0
7.7
EPSS
0.3%
CVE-2014-2034 HIGH This Week

Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD VulDB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-0635 HIGH This Week

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Vplex Geosynchrony
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-2672 HIGH PATCH This Week

Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub VulDB
CVSS 2.0
7.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy