Skip to main content
CVE-2014-0780 CRITICAL POC KEV PATCH THREAT Act Now

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
89.2%
Threat
7.6
CVE-2014-2908 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.0%.

XSS Siemens Simatic S7 Cpu 1200 Firmware Simatic S7 Cpu 1211C Simatic S7 Cpu 1212C +3
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
68.0%
Threat
4.4
CVE-2013-5660 CRITICAL POC THREAT Emergency

Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 33.7%.

RCE Buffer Overflow Winarchiver
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
33.7%
Threat
4.4
CVE-2014-2996 HIGH POC THREAT Act Now

XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.8%.

RCE PHP Code Injection Xcloner
NVD Exploit-DB VulDB
CVSS 2.0
7.1
EPSS
13.8%
CVE-2014-2579 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Xcloner
NVD Exploit-DB VulDB
CVSS 2.0
7.6
EPSS
1.3%
CVE-2013-5954 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Revive Adserver Openx
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
3.3%
CVE-2013-4565 MEDIUM POC This Month

Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ppthtml
NVD VulDB
CVSS 2.0
6.8
EPSS
2.9%
CVE-2013-4726 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cm3 Acora Content Management System
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0760 CRITICAL Act Now

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Authentication Bypass Codesys Runtime System Cecx X C1 Modular Master Controller +2
NVD VulDB
CVSS 2.0
9.3
EPSS
3.4%
CVE-2013-4723 MEDIUM POC This Month

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Cm3 Acora Content Management System
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-0769 CRITICAL Act Now

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Softmotion Cecx X M1 Modular Controller Codesys Runtime System Cecx X C1 Modular Master Controller
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2012-4230 MEDIUM POC This Month

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Tinymce
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2025 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Ushahidi Platform
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5956 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Com Youtubegallery
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4722 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Cm3 Acora Content Management System
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2729 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ektron Content Management System
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3069 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Netgear Wndr4700 Firmware Wndr4700
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-2909 MEDIUM This Month

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Siemens Simatic S7 Cpu 1200 Firmware Simatic S7 Cpu 1211C +4
NVD VulDB
CVSS 2.0
5.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy