Skip to main content
CVE-2014-2934 HIGH POC This Week

Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Caldera
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-2936 HIGH POC This Week

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Caldera
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-0171 HIGH This Week

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Foreman
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2014-2132 HIGH This Week

Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Webex Advanced Recording Format Player Webex Recording Format Player
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-5016 HIGH This Week

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Symantec Critical System Protection
NVD
CVSS 2.0
7.6
EPSS
1.4%
CVE-2013-0210 HIGH This Week

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Foreman
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-0963 HIGH PATCH This Week

The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

IBM Denial Of Service Security Access Manager For Web Software Security Access Manager For Web Appliance
NVD
CVSS 2.0
7.1
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy