Skip to main content
CVE-2013-1806 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.6%.

Path Traversal PHP Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
19.6%
CVE-2013-1807 MEDIUM POC PATCH THREAT This Month

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Privilege Escalation Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
18.0%
CVE-2014-1520 MEDIUM POC This Month

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Microsoft Firefox Fedora
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-1526 MEDIUM PATCH This Month

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Mozilla Privilege Escalation Firefox Seamonkey Ubuntu Linux +2
NVD VulDB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-2186 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-2565 MEDIUM This Month

The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command. Rated medium severity (CVSS 6.5). No vendor patch available.

Command Injection Content Analysis System Software Content Analysis System
NVD VulDB
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-1523 MEDIUM This Month

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Mozilla Buffer Overflow Firefox +14
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2014-1957 MEDIUM This Month

FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortiweb
NVD VulDB
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-1530 MEDIUM This Month

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Seamonkey Thunderbird +12
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2014-0363 MEDIUM This Month

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Smack
NVD VulDB
CVSS 2.0
5.8
EPSS
0.9%
CVE-2014-1527 MEDIUM This Month

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Fedora Firefox +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3129 MEDIUM This Month

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Java Netweaver Software Lifecycle Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0364 MEDIUM This Month

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Smack
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3133 MEDIUM This Month

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Java Netweaver Java Application Server
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6445 MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0471 MEDIUM This Month

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dpkg Ubuntu Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2545 MEDIUM This Month

TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Managed File Transfer Internet Server Information Disclosure Hashicorp Slingshot Vault +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1956 MEDIUM This Month

CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Fortinet Fortiweb
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3130 MEDIUM This Month

The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver Abap Application Server
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-3135 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Vbulletin
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3134 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Businessobjects
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1955 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortiweb
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3132 MEDIUM This Month

SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Background Processing
NVD VulDB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3131 MEDIUM This Month

SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Profile Maintenance
NVD VulDB
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy