Skip to main content
CVE-2014-2849 HIGH POC THREAT Act Now

The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.5%.

Sophos Privilege Escalation Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
76.5%
Threat
5.5
CVE-2014-2850 HIGH POC THREAT Act Now

The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.7%.

Command Injection Sophos Web Appliance Firmware Web Appliance
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
75.7%
Threat
5.5
CVE-2014-2744 HIGH POC This Week

plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Metronome Prosody
NVD VulDB
CVSS 2.0
7.8
EPSS
2.2%
CVE-2014-2743 HIGH POC This Week

plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Metronome
NVD VulDB
CVSS 2.0
7.8
EPSS
0.8%
CVE-2014-2829 HIGH POC PATCH This Week

Erlang Solutions MongooseIM through 1.3.1 rev. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Privilege Escalation Mongooseim
NVD GitHub VulDB
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-2540 HIGH POC This Week

SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Orbit Open Ad Server
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-2847 HIGH POC This Week

SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cis Manager Cms
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-1985 MEDIUM POC This Month

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Redmine
NVD GitHub VulDB
CVSS 2.0
5.8
EPSS
1.8%
CVE-2014-1209 CRITICAL Act Now

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vsphere Client
NVD VulDB
CVSS 2.0
9.3
EPSS
4.1%
CVE-2014-0777 HIGH This Week

The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Ioserver Opc Server Opc Drivers
NVD
CVSS 2.0
8.3
EPSS
1.5%
CVE-2014-2741 HIGH PATCH This Week

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Java Openfire
NVD VulDB
CVSS 2.0
7.8
EPSS
3.2%
CVE-2014-2746 HIGH PATCH This Week

net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Java Tigase
NVD VulDB
CVSS 2.0
7.8
EPSS
2.9%
CVE-2014-2745 HIGH This Week

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Prosody
NVD VulDB
CVSS 2.0
7.8
EPSS
2.2%
CVE-2014-2742 HIGH This Week

Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation M Link
NVD VulDB
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-6369 MEDIUM This Month

Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Jbig Kit
NVD VulDB
CVSS 2.0
6.8
EPSS
2.5%
CVE-2014-0172 MEDIUM PATCH This Month

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service RCE Buffer Overflow Elfutils
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-2848 MEDIUM This Month

A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Microsoft Nessus Plugin Set
NVD VulDB
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2708 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Content Slide
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2706 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Stream Video Player
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-1969 MEDIUM This Month

Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Google Sd Card Manager
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1210 MEDIUM This Month

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure VMware Vsphere Client
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-0636 MEDIUM This Month

EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bsafe Micro Edition Suite
NVD VulDB
CVSS 2.0
5.8
EPSS
0.1%
CVE-2013-4795 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Review Board
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-6131 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6130 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2333 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Lazyest Gallery
NVD VulDB
CVSS 2.0
2.6
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy