Skip to main content
CVE-2014-2934 HIGH POC This Week

Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Caldera
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-2936 HIGH POC This Week

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Caldera
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2935 CRITICAL Act Now

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Caldera
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2014-2136 CRITICAL Act Now

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Buffer Overflow RCE Webex Advanced Recording Format Player +1
NVD
CVSS 2.0
9.3
EPSS
4.3%
CVE-2014-2135 CRITICAL Act Now

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Buffer Overflow RCE Webex Advanced Recording Format Player +1
NVD
CVSS 2.0
9.3
EPSS
4.3%
CVE-2014-2133 CRITICAL Act Now

Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Buffer Overflow RCE Webex Advanced Recording Format Player +1
NVD
CVSS 2.0
9.3
EPSS
4.3%
CVE-2014-2134 CRITICAL Act Now

Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Buffer Overflow RCE Webex Advanced Recording Format Player +1
NVD
CVSS 2.0
9.3
EPSS
2.2%
CVE-2014-0192 MEDIUM POC PATCH This Month

Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Foreman
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-6889 MEDIUM POC This Month

GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rush
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-0930 MEDIUM POC This Month

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

IBM Denial Of Service Vios Aix
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-2689 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Offria
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3207 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sks Keyserver
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5916 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bradesco Gateway
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0171 HIGH This Week

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Foreman
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2014-2132 HIGH This Week

Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Webex Advanced Recording Format Player Webex Recording Format Player
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-5016 HIGH This Week

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Symantec Critical System Protection
NVD
CVSS 2.0
7.6
EPSS
1.4%
CVE-2013-0210 HIGH This Week

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Foreman
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-0963 HIGH PATCH This Week

The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

IBM Denial Of Service Security Access Manager For Web Software Security Access Manager For Web Appliance
NVD
CVSS 2.0
7.1
EPSS
2.1%
CVE-2014-3215 MEDIUM This Month

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Policycoreutils
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-0090 MEDIUM This Month

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Foreman
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-3115 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Fortinet Fortiweb
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-0187 MEDIUM This Month

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Foreman
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-2602 MEDIUM This Month

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Oneview
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-0116 MEDIUM PATCH This Month

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Apache Struts
NVD
CVSS 2.0
5.8
EPSS
2.8%
CVE-2014-3123 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images,. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Nextcellent Gallery
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-6372 LOW POC PATCH Monitor

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Jenkins Authentication Bypass Subversion Plugin
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1685 MEDIUM This Month

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix Fedora
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-0110 MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2014-0109 MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2013-0174 MEDIUM This Month

The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreman
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0173 MEDIUM This Month

Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreman
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2933 MEDIUM This Month

Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Caldera
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4544 MEDIUM This Month

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers. Rated medium severity (CVSS 4.9). No vendor patch available.

RCE Denial Of Service Ubuntu Linux Qemu
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-7041 MEDIUM This Month

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pam Userdb
NVD
CVSS 2.0
4.3
EPSS
2.6%
CVE-2014-0190 MEDIUM This Month

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Null Pointer Dereference Qt Fedora Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-0362 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Search Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-2854 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Semantictitle
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1682 MEDIUM This Month

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zabbix Authentication Bypass Fedora
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2012-5477 LOW Monitor

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Foreman
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-0134 LOW PATCH Monitor

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Compute
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3424 LOW Monitor

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3423 LOW Monitor

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3422 LOW Monitor

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Emacs Mageia
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3421 LOW Monitor

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-1934 LOW PATCH Monitor

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.3).

Python Information Disclosure Eyed3 Opensuse
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2013-3571 LOW Monitor

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Socat
NVD
CVSS 2.0
2.6
EPSS
0.5%
CVE-2014-0595 LOW Monitor

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S. Rated low severity (CVSS 2.6). No vendor patch available.

Buffer Overflow Open Enterprise Server
NVD
CVSS 2.0
2.6
EPSS
0.1%
CVE-2014-0056 LOW PATCH Monitor

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Neutron Ubuntu Linux
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-3426 LOW Monitor

NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ncsa Mosaic
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3425 LOW Monitor

NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ncsa Mosaic
NVD
CVSS 2.0
2.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy