Skip to main content
CVE-2014-3139 HIGH POC This Week

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Enterprise Backup
NVD Exploit-DB GitHub VulDB
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-2322 HIGH POC This Week

lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arabic Prawn
NVD VulDB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-2171 CRITICAL Act Now

Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Buffer Overflow RCE Telepresence Te Software Telepresence Tc Software
NVD VulDB
CVSS 2.0
10.0
EPSS
7.4%
CVE-2014-3138 MEDIUM POC This Month

SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Docushare
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
3.5%
CVE-2014-2170 CRITICAL Act Now

Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Code Injection Telepresence Te Software Telepresence Tc Software
NVD VulDB
CVSS 2.0
9.0
EPSS
0.7%
CVE-2014-2169 CRITICAL Act Now

Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Tc Software Telepresence Te Software
NVD VulDB
CVSS 2.0
9.0
EPSS
0.5%
CVE-2014-2168 HIGH This Week

Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Buffer Overflow RCE Telepresence Te Software Telepresence Tc Software
NVD VulDB
CVSS 2.0
7.6
EPSS
7.4%
CVE-2014-3000 HIGH This Week

The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Freebsd
NVD VulDB
CVSS 2.0
7.8
EPSS
6.4%
CVE-2014-1441 MEDIUM POC This Month

Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Core Ftp
NVD VulDB
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-1443 MEDIUM POC This Month

Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Core Ftp
NVD VulDB
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-1442 MEDIUM POC This Month

Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Core Ftp
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2175 HIGH This Week

Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Tc Software Telepresence Te Software
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2167 HIGH This Week

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Tc Software Telepresence Te Software
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2166 HIGH This Week

The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Tc Software Telepresence Te Software
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2165 HIGH This Week

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Te Software Telepresence Tc Software
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2164 HIGH This Week

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Te Software Telepresence Tc Software
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2163 HIGH This Week

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Tc Software Telepresence Te Software
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2162 HIGH This Week

The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Tc Software Telepresence Te Software
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2158 HIGH This Week

Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence System Software Tandberg 2000 Mxp Tandberg 550 Mxp +10
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2161 HIGH This Week

The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence System Software Tandberg 2000 Mxp Tandberg 550 Mxp +10
NVD VulDB
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-2160 HIGH This Week

The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence System Software Tandberg 2000 Mxp Tandberg 550 Mxp +10
NVD VulDB
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-2159 HIGH This Week

The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence System Software Tandberg 2000 Mxp Tandberg 550 Mxp +10
NVD VulDB
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-2173 HIGH This Week

Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Telepresence Te Software Telepresence Tc Software
NVD VulDB
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-2157 HIGH This Week

Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Telepresence System Software Tandberg 2000 Mxp Tandberg 550 Mxp +10
NVD VulDB
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-2156 HIGH This Week

Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Telepresence System Software Tandberg 2000 Mxp Tandberg 550 Mxp +10
NVD VulDB
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-3006 MEDIUM This Month

Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Information Enterprise Server
NVD VulDB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-2905 MEDIUM This Month

fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Fish
NVD GitHub VulDB
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-2172 MEDIUM This Month

Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for. Rated medium severity (CVSS 6.6). No vendor patch available.

Cisco Buffer Overflow Telepresence Tc Software Telepresence Te Software
NVD VulDB
CVSS 2.0
6.6
EPSS
0.1%
CVE-2014-3125 MEDIUM PATCH This Month

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash). Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen
NVD VulDB
CVSS 2.0
6.2
EPSS
0.3%
CVE-2014-1989 MEDIUM This Month

Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Garoon
NVD VulDB
CVSS 2.0
6.0
EPSS
0.2%
CVE-2014-3001 MEDIUM This Month

The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Freebsd
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-7061 MEDIUM PATCH This Month

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plone
NVD VulDB
CVSS 2.0
5.5
EPSS
0.3%
CVE-2013-7060 MEDIUM PATCH This Month

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Plone
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1899 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Access Gateway Firmware Netscaler Access Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7110 MEDIUM PATCH This Month

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Transifex
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-2073 MEDIUM PATCH This Month

Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Transifex
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1988 LOW Monitor

The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Garoon
NVD VulDB
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-0189 LOW Monitor

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation Virt Who
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy