Skip to main content
CVE-2014-3220 CRITICAL POC THREAT Emergency

F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.9%.

Authentication Bypass Big Iq
NVD Exploit-DB GitHub VulDB
CVSS 2.0
9.0
EPSS
31.9%
Threat
4.3
CVE-2013-7375 HIGH POC This Week

SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
5.0%
CVE-2013-1803 HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-2916 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Phplist
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7003 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7034 HIGH This Week

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Livezilla
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0469 MEDIUM This Month

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Debian Buffer Overflow RCE Xbuffy
NVD VulDB
CVSS 2.0
6.8
EPSS
3.7%
CVE-2013-0350 MEDIUM This Month

tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Pkstat
NVD VulDB
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-6418 MEDIUM PATCH This Month

PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Pywbem
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6444 MEDIUM PATCH This Month

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Pywbem
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-4215 MEDIUM This Month

The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Plugins
NVD VulDB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-3736 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Request Tracker Rt Extension Mobileui
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0149 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Jboss Web Framework Kit
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0164 LOW Monitor

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift
NVD VulDB
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy