Skip to main content
CVE-2012-5876 MEDIUM POC THREAT This Month

Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

Denial Of Service Buffer Overflow Mediahome
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
20.7%
CVE-2012-5877 MEDIUM POC THREAT This Month

Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service Mediahome
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.9%
CVE-2014-3865 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index:. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dpkg Dev
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
5.3%
CVE-2013-6744 HIGH This Week

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Microsoft Db2
NVD
CVSS 2.0
8.5
EPSS
2.1%
CVE-2014-3922 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Messaging Security Virtual Appliance
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-3923 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Video Gallery
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3921 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Simple Popup
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2352 HIGH This Week

The directory specifier can include designators that can be used to traverse the directory path. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cogent Datahub
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-6788 HIGH This Week

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bitrix E Store Module
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3780 HIGH This Week

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Java Authentication Bypass Vdi In A Box
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0907 HIGH This Week

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Db2
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-2353 HIGH This Week

Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cogent Datahub
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2014-3864 MEDIUM This Month

Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dpkg Dev
NVD
CVSS 2.0
6.4
EPSS
1.0%
CVE-2014-3227 MEDIUM This Month

dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dpkg
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2014-2354 MEDIUM This Month

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Rated medium severity (CVSS 6.0). No vendor patch available.

Information Disclosure Cogent Datahub
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2013-5919 MEDIUM PATCH This Month

Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-5572 MEDIUM This Month

CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dancer
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2342 MEDIUM This Month

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Scada Data Gateway
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3924 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Userwin Webmin
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3010 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0925 LOW PATCH Monitor

Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Open Redirect Sterling Control Center
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2013-4143 LOW Monitor

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Xlockmore
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5560 LOW Monitor

The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mate Settings Daemon
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-0202 LOW Monitor

The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Rhevm Dwh
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-2343 LOW Monitor

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. Rated low severity (CVSS 1.2). No vendor patch available.

Denial Of Service Scada Data Gateway
NVD
CVSS 2.0
1.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy