Skip to main content
CVE-2013-5948 HIGH POC THREAT Act Now

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 43.8%.

Command Injection Tm Ac1900 Rt Ac68U Firmware Rt Ac68U
NVD Exploit-DB VulDB
CVSS 2.0
8.5
EPSS
43.8%
Threat
4.5
CVE-2014-1216 HIGH POC PATCH This Week

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fitnesse Wiki
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
6.6%
CVE-2013-7338 HIGH POC PATCH This Week

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Python Mac Os X
NVD VulDB
CVSS 2.0
7.1
EPSS
7.8%
CVE-2014-2892 HIGH POC PATCH This Week

Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Buffer Overflow Libmms
NVD VulDB
CVSS 2.0
7.5
EPSS
5.1%
CVE-2014-2341 MEDIUM POC This Month

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Cubecart
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
5.1%
CVE-2014-2269 MEDIUM POC PATCH This Month

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Vtiger Crm
NVD VulDB
CVSS 2.0
6.4
EPSS
3.6%
CVE-2014-1615 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Carbon Black
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-2654 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Madserve
NVD VulDB
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-6370 MEDIUM POC PATCH This Month

Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Json C Fedora
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
2.9%
CVE-2014-2890 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phpmyid
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2925 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Tm Ac1900 Rt Ac68U Firmware Rt Ac68U
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1421 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Webcalendar
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2737 HIGH This Week

SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Knowledgetree
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-2105 LOW POC Monitor

The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Code Injection Show In Browser
NVD VulDB
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-2659 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Papercut Mf Papercut Ng
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6469 MEDIUM This Month

JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Code Injection Jboss Fuse Service Works Jboss Overlord Run Time Governance
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-2719 MEDIUM This Month

Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Rt Ac66U Firmware Rt Ac68U Firmware Rt N10E Firmware Rt N14U Firmware +6
NVD VulDB
CVSS 2.0
6.3
EPSS
0.3%
CVE-2014-0173 MEDIUM This Month

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Privilege Escalation Jetpack
NVD VulDB
CVSS 2.0
5.8
EPSS
0.7%
CVE-2014-2900 MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-2735 MEDIUM This Month

WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Winscp
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-2899 MEDIUM This Month

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cyassl
NVD VulDB
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-6371 MEDIUM PATCH This Month

The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Json C Fedora
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2187 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Apache Archiva
NVD VulDB
CVSS 2.0
4.3
EPSS
1.1%
CVE-2013-4116 LOW PATCH Monitor

lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking. Rated low severity (CVSS 3.3).

Information Disclosure Node.js Node Packaged Modules
NVD GitHub VulDB
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-4472 LOW Monitor

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Poppler
NVD VulDB
CVSS 2.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy