Skip to main content
CVE-2014-2127 HIGH POC THREAT Act Now

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 30.7%.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
8.5
EPSS
30.7%
Threat
4.1
CVE-2014-0166 MEDIUM This Month

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.6% and no vendor patch available.

WordPress PHP Authentication Bypass
NVD VulDB
CVSS 2.0
6.4
EPSS
31.6%
CVE-2014-2583 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Linux Pam
NVD VulDB
CVSS 2.0
5.8
EPSS
1.5%
CVE-2014-2126 HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
8.5
EPSS
0.5%
CVE-2014-0331 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Fortiadc Firmware Fortiadc 1000E Fortiadc 1500D Fortiadc 2000D +5
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2708 HIGH PATCH This Week

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Cacti
NVD VulDB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-2544 HIGH This Week

Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Web Player Automation Services Spotfire Server Spotfire Professional +3
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-7362 HIGH This Week

An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Ccms Agent
NVD VulDB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-2748 HIGH This Week

The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Enhancement Package
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7367 HIGH This Week

SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Enterprise Portal
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7364 HIGH This Week

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7363 HIGH This Week

Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Solution Manager
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-2752 HIGH This Week

SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Business Object Processing Framework For Abap
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2751 HIGH This Week

SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Print And Output Management
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-7360 HIGH This Week

Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adminadapter
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-7355 HIGH This Week

SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Bi Universal Data Integration
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-1455 HIGH This Week

SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Esis Enterprise Student Information System
NVD VulDB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-2129 HIGH This Week

The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
7.1
EPSS
0.4%
CVE-2013-3252 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wp Postviews
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2699 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Underconstruction
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2693 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Wp Print
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-3251 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Qtranslate
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4921 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF WordPress Dvs Custom Notification
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6468 MEDIUM This Month

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Code Injection Red Hat Jboss Bpm Suite +2
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-0908 MEDIUM This Month

The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD VulDB
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-0740 MEDIUM This Month

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Dell Openmanage Server Administrator
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-7366 MEDIUM This Month

The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Authentication Bypass Software Deployment Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-2749 MEDIUM This Month

The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Hana
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-7361 MEDIUM This Month

Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Cm Services Cms Services
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7356 MEDIUM This Month

Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Oracle Ccms Database Monitor
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-7359 MEDIUM This Month

Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Mobile Infrastructure
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7358 MEDIUM This Month

Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Guided Procedures Archive Monitor
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7357 MEDIUM This Month

Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP J2Ee Engine
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2128 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7365 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Enterprise Portal
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6132 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0165 MEDIUM This Month

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD VulDB
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-2141 MEDIUM This Month

The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Cisco Ons 15454 System Software Ons 15454
NVD VulDB
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-0920 MEDIUM This Month

IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Spss Analytic Server
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2033 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Jenkins
NVD VulDB
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy