Skip to main content
CVE-2014-3961 HIGH POC PATCH This Week

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress SQLi Participants Database
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
5.9%
CVE-2014-3962 HIGH POC This Week

Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Videos Tube
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-2053 HIGH PATCH This Week

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Getid3 Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
3.5%
CVE-2012-6143 HIGH This Week

Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Spoon
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2012-6142 HIGH This Week

Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Html
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2012-6141 HIGH This Week

The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection App
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-2056 HIGH This Week

PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Owncloud Server Phpdocx
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2055 HIGH PATCH This Week

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Sabredav Owncloud Server
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-2054 HIGH PATCH This Week

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Owncloud Server Phpexcel
NVD GitHub
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-3834 HIGH This Week

ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy