Skip to main content
CVE-2014-3791 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.2%.

RCE Buffer Overflow Easy File Sharing Web Server
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
77.2%
Threat
5.8
CVE-2014-3444 CRITICAL POC THREAT Emergency

The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.6%.

RCE Denial Of Service Code Injection Realplayer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
27.6%
Threat
4.2
CVE-2014-3749 HIGH POC This Week

SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cis Manager Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3792 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF 450Tc2 Router Firmware 450Tc2 Router
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3412 CRITICAL Act Now

Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Space Junos Space Ja1500 Appliance Junos Space Ja2500 Appliance
NVD
CVSS 2.0
10.0
EPSS
1.9%
CVE-2014-3739 MEDIUM POC This Month

Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect Zenoss
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-3738 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Zenoss
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.9%
CVE-2013-7383 CRITICAL Act Now

x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation X2Go Server
NVD
CVSS 2.0
9.0
EPSS
0.9%
CVE-2014-3802 MEDIUM This Month

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Debug Interface Access Software Development Kit +1
NVD
CVSS 2.0
6.8
EPSS
9.6%
CVE-2014-1855 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Seo Panel
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3776 HIGH This Week

Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Chicken
NVD
CVSS 2.0
7.5
EPSS
3.1%
CVE-2014-2351 HIGH This Week

SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Csworks
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-3460 MEDIUM This Month

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal RCE Sentinel Sentinel Agent Manager
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-2194 MEDIUM This Month

system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XXE Unified Web And E Mail Interaction Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-3269 MEDIUM This Month

The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4321 MEDIUM PATCH This Month

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Typo3
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-4250 MEDIUM PATCH This Month

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Typo3
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-3264 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2014-3273 MEDIUM This Month

The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2013-4347 MEDIUM PATCH This Month

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Oauth2
NVD GitHub
CVSS 2.0
5.8
EPSS
0.4%
CVE-2013-4320 MEDIUM PATCH This Month

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Typo3
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2014-3271 MEDIUM This Month

The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-3270 MEDIUM This Month

The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-3268 MEDIUM This Month

Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Unified Border Element
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2199 MEDIUM This Month

meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Business Suite Webex Event Center Webex Meeting Center +3
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6975 MEDIUM This Month

Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-4346 MEDIUM PATCH This Month

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Oauth2
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3265 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2195 MEDIUM This Month

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Asyncos Content Security Management Appliance Email Security Appliance Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2192 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Web And E Mail Interaction Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2193 MEDIUM This Month

Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Unified Web And E Mail Interaction Manager
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-6146 MEDIUM PATCH This Month

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Typo3
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4380 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Mediafront
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy