Skip to main content
CVE-2014-0515 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.6%.

Adobe Buffer Overflow RCE Microsoft Flash Player
NVD Exploit-DB VulDB
CVSS 2.0
10.0
EPSS
92.6%
Threat
6.3
CVE-2014-0112 HIGH POC PATCH THREAT Act Now

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.4%.

RCE Privilege Escalation Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
91.4%
Threat
5.7
CVE-2014-0113 HIGH POC PATCH THREAT Act Now

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%.

RCE Privilege Escalation Apache Struts
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
82.1%
Threat
5.5
CVE-2013-1804 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
8.7%
CVE-2014-1841 MEDIUM POC This Month

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
3.8%
CVE-2014-1843 MEDIUM POC This Month

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
3.6%
CVE-2014-1842 MEDIUM POC This Month

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
2.4%
CVE-2013-7372 MEDIUM POC PATCH This Month

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Information Disclosure Java Apache Harmony +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-7111 MEDIUM POC This Month

The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Basespace Ruby Sdk
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0088 HIGH PATCH This Week

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Nginx RCE Buffer Overflow
NVD VulDB
CVSS 2.0
7.5
EPSS
2.6%
CVE-2013-7235 HIGH This Week

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Simple Machines Forum
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-7236 HIGH This Week

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Simple Machines Forum
NVD VulDB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-7134 HIGH This Week

Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Juvia
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-7373 HIGH This Week

Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

OpenSSL Google Information Disclosure Android
NVD VulDB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-7284 MEDIUM PATCH This Month

The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Pirpc
NVD VulDB
CVSS 2.0
6.8
EPSS
2.2%
CVE-2013-7302 MEDIUM PATCH This Month

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ubercart
NVD VulDB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-7259 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection RCE CSRF Neo4j
NVD GitHub VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2183 MEDIUM This Month

The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Asr 1001 +7
NVD VulDB
CVSS 2.0
6.3
EPSS
0.3%
CVE-2014-2182 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
6.1
EPSS
0.6%
CVE-2013-7065 MEDIUM PATCH This Month

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Organic Groups
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-2184 MEDIUM This Month

The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7063 MEDIUM This Month

The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Invitation
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7068 MEDIUM PATCH This Month

The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Organic Groups
NVD VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2013-7220 MEDIUM This Month

js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gnome Shell
NVD GitHub VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-7221 MEDIUM This Month

The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Gnome Shell
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2853 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Mediawiki
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7234 MEDIUM This Month

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Simple Machines Forum
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7066 MEDIUM PATCH This Month

The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Entityreference
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2185 MEDIUM This Month

The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2180 MEDIUM This Month

The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Contact Center Enterprise Unified Contact Center Express Editor Software
NVD VulDB
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-7064 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Eu Cookie Compliance
NVD VulDB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-7273 LOW Monitor

GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Gnome Display Manager
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy