Skip to main content
CVE-2012-5876 MEDIUM POC THREAT This Month

Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.7%.

Denial Of Service Buffer Overflow Mediahome
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
20.7%
CVE-2012-5877 MEDIUM POC THREAT This Month

Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service Mediahome
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.9%
CVE-2014-3865 MEDIUM POC This Month

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index:. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dpkg Dev
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
5.3%
CVE-2014-3922 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Messaging Security Virtual Appliance
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-3923 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Video Gallery
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3921 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Simple Popup
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3864 MEDIUM This Month

Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dpkg Dev
NVD
CVSS 2.0
6.4
EPSS
1.0%
CVE-2014-3227 MEDIUM This Month

dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dpkg
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2014-2354 MEDIUM This Month

Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Rated medium severity (CVSS 6.0). No vendor patch available.

Information Disclosure Cogent Datahub
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2013-5919 MEDIUM PATCH This Month

Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Suricata
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-5572 MEDIUM This Month

CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dancer
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2342 MEDIUM This Month

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Scada Data Gateway
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3924 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Microsoft Userwin Webmin
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3010 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy