Skip to main content
CVE-2014-2575 MEDIUM POC This Month

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aspxfilemanager Control For Webforms And Mvc
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
9.6%
CVE-2014-3984 CRITICAL Act Now

Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libav
NVD
CVSS 2.0
10.0
EPSS
9.6%
CVE-2013-4727 MEDIUM POC THREAT This Month

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.7%.

Information Disclosure Cm3 Acora Content Management System
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.7%
CVE-2012-5390 CRITICAL Act Now

The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Condor
NVD
CVSS 2.0
10.0
EPSS
1.9%
CVE-2013-2602 CRITICAL Act Now

Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Sequeryobject Activex Control
NVD
CVSS 2.0
9.3
EPSS
3.7%
CVE-2013-0250 MEDIUM POC PATCH This Month

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Corosync
NVD GitHub
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-2503 HIGH This Week

The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Documentum Digital Asset Manager
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2012-5583 MEDIUM This Month

phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Phpcas
NVD GitHub
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-4728 MEDIUM This Month

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cm3 Acora Content Management System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4725 MEDIUM This Month

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cm3 Acora Content Management System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4724 MEDIUM This Month

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cm3 Acora Content Management System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3966 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Mediawiki
NVD
CVSS 2.0
2.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy