Skip to main content
CVE-2014-3936 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.3%.

RCE D-Link Buffer Overflow Dir505 Shareport Mobile Companion Firmware Dir505 Shareport Mobile Companion +4
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
84.3%
Threat
6.0
CVE-2013-1412 HIGH POC PATCH THREAT Act Now

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.1%.

RCE PHP Code Injection Datalife Engine
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
85.1%
Threat
5.6
CVE-2014-3935 HIGH POC This Week

SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Glossaire Module
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-3934 HIGH POC This Week

SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Nuke Submit News Module
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-3932 HIGH POC This Week

SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Endpoint Protector
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-7387 MEDIUM POC PATCH This Month

Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Datalife Engine
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-2946 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Huawei Webui E303 Modem Firmware E303 Modem
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-2019 CRITICAL Act Now

Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Boinc Client
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2013-2298 CRITICAL Act Now

Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Boinc Client
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2014-2959 CRITICAL Act Now

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powervault Ml6000 Firmware Powervault Ml6000 Scalar I500 Firmware +1
NVD
CVSS 2.0
9.0
EPSS
1.5%
CVE-2014-0042 MEDIUM POC PATCH This Month

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Red Hat Information Disclosure Openstack
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0040 MEDIUM POC PATCH This Month

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Red Hat Information Disclosure Openstack
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6433 HIGH This Week

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Neutron Ubuntu Linux
NVD
CVSS 2.0
7.6
EPSS
1.6%
CVE-2013-1397 HIGH PATCH This Week

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Symfony
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-1348 HIGH PATCH This Week

The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Symfony
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-3937 HIGH PATCH This Week

SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Contextual Related Posts
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-5391 MEDIUM This Month

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2012-5395 MEDIUM This Month

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-3476 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Related Posts
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3258 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Digg Digg
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3257 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Related Posts
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2710 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

XSS CSRF WordPress Contextual Related Posts
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4596 MEDIUM PATCH This Month

The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Nodeaccesskeys
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-7386 MEDIUM This Month

Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Boinc Client
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2013-2014 MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Keystone Fedora
NVD
CVSS 2.0
5.0
EPSS
2.4%
CVE-2013-1818 MEDIUM This Month

maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Mediawiki
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6470 MEDIUM This Month

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Openstack
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2939 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Alfresco
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0041 MEDIUM This Month

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Openstack
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3933 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Addressfield Tokens
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy