Skip to main content
CVE-2013-6744 HIGH This Week

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Microsoft Db2
NVD
CVSS 2.0
8.5
EPSS
2.1%
CVE-2014-2352 HIGH This Week

The directory specifier can include designators that can be used to traverse the directory path. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cogent Datahub
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-6788 HIGH This Week

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bitrix E Store Module
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3780 HIGH This Week

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Java Authentication Bypass Vdi In A Box
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0907 HIGH This Week

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Db2
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-2353 HIGH This Week

Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cogent Datahub
NVD
CVSS 2.0
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy