Skip to main content
CVE-2014-0787 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.9%.

RCE Stack Overflow Buffer Overflow Kingscada
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
50.9%
Threat
5.0
CVE-2014-0763 HIGH POC THREAT Act Now

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.9%.

RCE SQLi Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
57.9%
Threat
4.7
CVE-2014-2389 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.6%.

RCE Buffer Overflow Blackberry Os Blackberry Z10
NVD VulDB
CVSS 2.0
9.3
EPSS
14.6%
CVE-2014-0349 CRITICAL Act Now

Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE J2K Codec
NVD VulDB
CVSS 2.0
10.0
EPSS
4.3%
CVE-2014-0768 HIGH This Week

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0767 HIGH This Week

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0766 HIGH This Week

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0765 HIGH This Week

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0764 HIGH This Week

By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0770 HIGH This Week

By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-0773 HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0771 HIGH This Week

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-2809 HIGH This Week

The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Pi Interface
NVD VulDB
CVSS 2.0
7.1
EPSS
0.6%
CVE-2014-2139 MEDIUM This Month

Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Cisco Ons 15454 System Software Ons 15454
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2140 MEDIUM This Month

Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Cisco Ons 15454 System Software Ons 15454
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-0772 MEDIUM This Month

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Advantech Webaccess
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2142 MEDIUM This Month

Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Cisco Ons 15454 System Software Ons 15454 System Software Ons 15454
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2828 MEDIUM This Month

The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a serial line. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Pi Interface
NVD VulDB
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-0347 LOW Monitor

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Triton Unified Security Center Triton Web Filter Triton Web Security Triton Web Security Gateway +1
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6216 LOW Monitor

Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Array Configuration Utility Array Diagnostics Utility Proliant Array Diagnostics +1
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy