Skip to main content
CVE-2014-2962 HIGH POC PATCH THREAT Act Now

Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.9%.

Path Traversal N150 F9K1009 Firmware N150 F9K1009
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
88.9%
Threat
5.7
CVE-2012-2052 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 58.1%.

Adobe Buffer Overflow RCE Photoshop Cs5 Photoshop Cs5 1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
58.1%
Threat
5.1
CVE-2014-2782 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 42.4%.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
42.4%
Threat
4.6
CVE-2014-2609 CRITICAL Act Now

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.0% and no vendor patch available.

HP RCE Java Authentication Bypass Executive Scorecard
NVD
CVSS 2.0
10.0
EPSS
25.0%
CVE-2014-4334 HIGH POC THREAT Act Now

Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

RCE Buffer Overflow Rayman Legends
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
16.4%
CVE-2014-3778 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Arris Sbg901
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-4155 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-4333 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP SQLi Dolphin
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3810 MEDIUM POC This Month

SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[]. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dolphin
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-2611 CRITICAL Act Now

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP RCE Executive Scorecard
NVD
CVSS 2.0
9.0
EPSS
2.4%
CVE-2012-2572 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Threewp Email Reflector
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.6%
CVE-2012-2569 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Xeams
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-4329 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ntopng
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4335 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Barracudadrive
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2610 HIGH This Week

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal HP RCE Executive Scorecard
NVD
CVSS 2.0
7.1
EPSS
1.8%
CVE-2014-2001 MEDIUM This Month

The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Jr East Japan
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-1621 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2013-1068 MEDIUM PATCH This Month

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Ubuntu Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy