Skip to main content
CVE-2014-3913 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.7%.

RCE Buffer Overflow Accessnow Server
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
78.7%
Threat
5.9
CVE-2014-3961 HIGH POC PATCH This Week

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Participants Database
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
5.9%
CVE-2014-3962 HIGH POC This Week

Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Videos Tube
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3786 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Pixie
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2053 HIGH PATCH This Week

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Getid3 Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
3.5%
CVE-2012-6143 HIGH This Week

Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Spoon
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2012-6142 HIGH This Week

Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Html
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2012-6141 HIGH This Week

The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection App
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-2056 HIGH This Week

PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Owncloud Server Phpdocx
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2055 HIGH PATCH This Week

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Sabredav Owncloud Server
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2054 HIGH PATCH This Week

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Owncloud Server Phpexcel
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-3834 HIGH This Week

ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-3836 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3835 MEDIUM This Month

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Server Owncloud
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2013-1941 MEDIUM This Month

The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Owncloud Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0204 MEDIUM This Month

settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Code Injection Owncloud Server
NVD
CVSS 2.0
4.6
EPSS
0.5%
CVE-2014-0935 MEDIUM This Month

Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Smart Analytics System 7700 Smart Analytics System 7710
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-3948 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Powermail
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3833 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Owncloud Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3832 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5056 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3960 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opennms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5057 MEDIUM This Month

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Owncloud Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2502 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Adaptive Authentication Hosted
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3837 MEDIUM This Month

The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-5336 MEDIUM This Month

lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3963 MEDIUM PATCH This Month

ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Owncloud
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-3838 MEDIUM This Month

ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-3949 LOW Monitor

Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gridelements
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3956 LOW PATCH Monitor

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Freebsd Hpux Fedora Sendmail
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy