Skip to main content
CVE-2014-3804 CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.3%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
79.3%
Threat
5.9
CVE-2014-4158 HIGH POC THREAT Act Now

Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.2%.

RCE Buffer Overflow Kolibri
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
51.2%
Threat
4.5
CVE-2014-3805 CRITICAL POC THREAT Emergency

The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.5%.

RCE Code Injection Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
36.5%
Threat
4.6
CVE-2013-3843 MEDIUM POC THREAT This Month

Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 40.2%.

Denial Of Service RCE Buffer Overflow Monkey
NVD GitHub
CVSS 2.0
6.8
EPSS
40.2%
Threat
4.1
CVE-2013-3663 CRITICAL POC THREAT Emergency

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.9%.

RCE Google Buffer Overflow Sketchup
NVD
CVSS 2.0
9.3
EPSS
15.9%
CVE-2013-4099 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Joal Jogamp
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-2303 HIGH POC This Week

Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Webedition Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-2182 MEDIUM POC PATCH THREAT This Month

The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.8%.

Privilege Escalation Monkey
NVD GitHub Exploit-DB
CVSS 2.0
5.8
EPSS
10.8%
CVE-2014-3859 MEDIUM This Month

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.8% and no vendor patch available.

Denial Of Service Bind
NVD
CVSS 2.0
5.0
EPSS
29.8%
CVE-2014-4159 MEDIUM POC This Month

Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Open Redirect SAP Supplier Relationship Management
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-2163 MEDIUM POC This Month

Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monkey
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-3521 MEDIUM POC PATCH This Month

Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Geshi
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4160 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS SAP Netweaver Business Client
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-3522 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Geshi
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3814 HIGH This Week

The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Screenos Netscreen 5200 Netscreen 5400
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-3813 HIGH This Week

Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Screenos Netscreen 5200 Netscreen 5400
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2013-5356 HIGH This Week

Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sharetronix
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-5353 MEDIUM This Month

Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP File Upload Sharetronix
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-5352 MEDIUM This Month

Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Code Injection Sharetronix
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-3812 MEDIUM This Month

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Ivanti Ive Os Unified Access Control Software +16
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1841 MEDIUM This Month

Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Net Server
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-4161 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Supplier Relationship Management
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy