Skip to main content
CVE-2013-6221 CRITICAL POC THREAT Emergency

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.1%.

Path Traversal HP RCE Service Virtualization
NVD Exploit-DB GitHub
CVSS 2.0
10.0
EPSS
84.1%
Threat
6.0
CVE-2013-5017 CRITICAL Act Now

SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.9% and no vendor patch available.

PHP Information Disclosure Web Gateway
NVD
CVSS 3.0
9.8
EPSS
23.9%
CVE-2014-4174 CRITICAL POC PATCH Act Now

wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service RCE Buffer Overflow Wireshark
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2014-4153 HIGH POC This Week

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
7.1%
CVE-2014-4152 CRITICAL Act Now

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2014-4151 CRITICAL Act Now

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Code Injection Open Source Security Information Management
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2014-4307 HIGH POC This Week

SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Webtitan
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-4049 MEDIUM PATCH This Month

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 30.7%.

Denial Of Service RCE PHP Buffer Overflow Opensuse +1
NVD GitHub
CVSS 2.0
5.1
EPSS
30.7%
CVE-2014-4306 MEDIUM POC This Month

Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Webtitan
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.4%
CVE-2014-0598 CRITICAL Act Now

Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Open Enterprise Server
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-4304 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Sql Buddy
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-2592 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Axigen Mail Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4301 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Ajenti
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3877 MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Microsoft Fex
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3876 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Microsoft Fex
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4309 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Openfiler
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4308 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Recording Express
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4302 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ham3D Shop Engine
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4020 MEDIUM POC This Month

The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0910 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Websphere Portal
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
1.4%
CVE-2014-4305 HIGH This Week

Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Recording Express
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-2949 MEDIUM This Month

SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Arx Data Manager
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-1651 MEDIUM This Month

SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Web Gateway
NVD
CVSS 2.0
5.8
EPSS
1.2%
CVE-2014-1650 MEDIUM This Month

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Web Gateway
NVD
CVSS 2.0
5.2
EPSS
0.7%
CVE-2014-2779 MEDIUM PATCH This Month

mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Malware Protection Engine
NVD
CVSS 2.0
4.3
EPSS
4.2%
CVE-2014-0599 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Enterprise Server
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-2151 MEDIUM This Month

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3013 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3012 LOW Monitor

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4021 LOW PATCH Monitor

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Xen
NVD
CVSS 2.0
2.7
EPSS
0.2%
CVE-2014-2000 LOW Monitor

The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure 050 Plus
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2014-1652 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 2.3). No vendor patch available.

XSS Web Gateway
NVD
CVSS 2.0
2.3
EPSS
0.5%
CVE-2014-4303 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Touch
NVD
CVSS 2.0
2.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy