Skip to main content
CVE-2014-0358 HIGH POC THREAT Act Now

Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

Path Traversal Xangati Software Release Xangati Xnr
NVD Exploit-DB VulDB
CVSS 2.0
7.8
EPSS
12.0%
CVE-2014-0107 HIGH PATCH This Week

The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Apache Xalan Java Webcenter Sites
NVD VulDB
CVSS 2.0
7.5
EPSS
8.8%
CVE-2014-0356 HIGH This Week

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2). Rated high severity (CVSS 7.9). No vendor patch available.

Command Injection Zyxel RCE N300 Netusb Nbg 419N Firmware N300 Netusb Nbg 419N
NVD VulDB
CVSS 2.0
7.9
EPSS
0.7%
CVE-2014-2842 HIGH This Week

Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Screenos
NVD VulDB
CVSS 2.0
7.8
EPSS
0.9%
CVE-2014-2828 HIGH PATCH This Week

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service Authentication Bypass Keystone
NVD VulDB
CVSS 2.0
7.8
EPSS
0.9%
CVE-2014-0355 HIGH This Week

Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp. Rated high severity (CVSS 7.9). No vendor patch available.

Zyxel Buffer Overflow RCE N300 Netusb Nbg 419N Firmware N300 Netusb Nbg 419N
NVD VulDB
CVSS 2.0
7.9
EPSS
0.2%
CVE-2014-0354 HIGH This Week

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Authentication Bypass N300 Netusb Nbg 419N Firmware N300 Netusb Nbg 419N
NVD VulDB
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-0342 HIGH This Week

Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Pivotx
NVD VulDB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-2868 HIGH This Week

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Commonspot Content Server
NVD VulDB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-2865 HIGH This Week

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Commonspot Content Server
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-2859 HIGH This Week

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Commonspot Content Server
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy