Skip to main content
CVE-2014-0749 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 62.2%.

RCE Buffer Overflow Torque Resource Manager
NVD Exploit-DB GitHub
CVSS 2.0
10.0
EPSS
62.2%
Threat
5.4
CVE-2014-0782 HIGH POC THREAT Act Now

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 39.8%.

RCE Stack Overflow Buffer Overflow B M9000Cs Software B M9000Cs +13
NVD Exploit-DB
CVSS 2.0
8.3
EPSS
39.8%
Threat
4.4
CVE-2014-1649 HIGH POC THREAT Act Now

The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. Rated high severity (CVSS 7.9). Public exploit code available and EPSS exploitation probability 40.2%.

Privilege Escalation Workspace Streaming
NVD Exploit-DB
CVSS 2.0
7.9
EPSS
40.2%
Threat
4.3
CVE-2014-1613 HIGH POC PATCH This Week

Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection Dotclear
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-7379 MEDIUM POC PATCH This Month

The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Node.js Authentication Bypass Tomato
NVD GitHub
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-3760 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Google D-Link Dap 1150 Firmware Dap 1150
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3750 MEDIUM POC This Month

The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Google Information Disclosure Bilyoner
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-3452 MEDIUM POC This Month

Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow K Lite Codec Pack
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3761 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS D-Link Dap 1150 Firmware Dap 1150
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0643 HIGH This Week

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Rsa Netwitness Rsa Security Analytics
NVD
CVSS 2.0
7.6
EPSS
0.9%
CVE-2014-3759 HIGH This Week

Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Si Bibtex
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0964 HIGH This Week

IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 2.0
7.1
EPSS
1.2%
CVE-2014-0918 HIGH This Week

Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal IBM Websphere Portal
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2014-0933 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Infosphere Information Server Metadata Workbench
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-1418 MEDIUM PATCH This Month

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django Ubuntu Linux
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-3263 MEDIUM This Month

The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
5.4
EPSS
0.8%
CVE-2014-3742 MEDIUM PATCH This Month

The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Node.js Hapi Server Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-3730 MEDIUM PATCH This Month

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Open Redirect Ubuntu Linux Django Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-3262 MEDIUM This Month

The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3758 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Si Bibtex
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0917 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy