Skip to main content
CVE-2013-4468 MEDIUM POC THREAT This Month

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.4%.

PHP Information Disclosure Vicidial
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
82.4%
Threat
5.3
CVE-2014-0256 MEDIUM This Month

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.9% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012
NVD
CVSS 2.0
5.0
EPSS
36.9%
CVE-2014-0255 MEDIUM This Month

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.9% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012
NVD
CVSS 2.0
5.0
EPSS
36.9%
CVE-2014-3443 MEDIUM POC THREAT This Month

JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service Buffer Overflow Jetaudio
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
15.3%
CVE-2013-3514 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.3%.

Path Traversal CSRF PHP Openx
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.3%
CVE-2014-3146 MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Lxml
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.3%
CVE-2014-2591 MEDIUM POC This Month

Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Information Disclosure Patrol Agent
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-7376 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF PHP Openx
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2700 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Wp125
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3441 MEDIUM POC This Month

codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Vlc Media Player
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.0%
CVE-2014-3225 MEDIUM POC PATCH This Month

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cobbler
NVD Exploit-DB GitHub
CVSS 2.0
4.0
EPSS
6.1%
CVE-2014-1603 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2014-1809 MEDIUM This Month

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 2.0
6.8
EPSS
10.0%
CVE-2013-1765 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Smart Flv
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.8%
CVE-2013-5939 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Guesbook Module
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0521 MEDIUM This Month

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.3% and no vendor patch available.

Adobe Information Disclosure Microsoft Acrobat Reader Acrobat
NVD
CVSS 2.0
4.3
EPSS
18.3%
CVE-2014-1808 MEDIUM This Month

Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.7% and no vendor patch available.

Information Disclosure Microsoft Office
NVD
CVSS 2.0
4.3
EPSS
14.7%
CVE-2014-1754 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.3% and no vendor patch available.

XSS Microsoft Office Web Apps Server Sharepoint Foundation Sharepoint Server +1
NVD
CVSS 2.0
4.3
EPSS
13.3%
CVE-2013-2034 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Jenkins RCE
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3430 MEDIUM PATCH This Month

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service Authentication Bypass Dovecot
NVD
CVSS 2.0
5.0
EPSS
8.3%
CVE-2014-0137 MEDIUM This Month

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-5655 MEDIUM This Month

Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apple Python Yingzhi Python Programming Language
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4471 MEDIUM PATCH This Month

The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Horizon
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2012-1600 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phppgadmin Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2087 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Gallery
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0078 MEDIUM This Month

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy