Skip to main content
CVE-2013-7389 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.2%.

XSS PHP D-Link Dir 645 Firmware Dir 645
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
92.2%
Threat
5.1
CVE-2013-3993 MEDIUM KEV THREAT This Month

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 21.0%.

Path Traversal IBM
NVD VulDB
CVSS 3.1
6.5
EPSS
21.0%
CVE-2014-3300 HIGH POC THREAT Act Now

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.6%.

Cisco Privilege Escalation Unified Cdm Application Software Unified Communications Domain Manager
NVD
CVSS 2.0
7.5
EPSS
45.6%
Threat
4.4
CVE-2014-2617 CRITICAL Emergency

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.2% and no vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
10.0
EPSS
41.2%
CVE-2014-0867 MEDIUM POC THREAT This Month

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.4%.

IBM Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
15.4%
CVE-2014-0869 MEDIUM POC THREAT This Month

The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.5%.

IBM Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.5%
CVE-2014-0866 MEDIUM POC THREAT This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.5%.

IBM Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.5%
CVE-2014-3113 CRITICAL Act Now

Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.2% and no vendor patch available.

RCE Buffer Overflow Realplayer
NVD
CVSS 2.0
9.3
EPSS
12.2%
CVE-2014-0864 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM CSRF Algo Credit Limits
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.7%
CVE-2014-0871 MEDIUM POC THREAT This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.8%.

IBM Tomcat Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
15.8%
CVE-2014-2967 CRITICAL Act Now

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Python Vred
NVD
CVSS 2.0
10.0
EPSS
4.4%
CVE-2014-0868 MEDIUM POC This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.9
EPSS
9.6%
CVE-2014-0865 MEDIUM POC This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.9
EPSS
8.5%
CVE-2014-2198 CRITICAL Act Now

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Cdm Platform Software Unified Communications Domain Manager
NVD
CVSS 2.0
10.0
EPSS
2.2%
CVE-2014-0870 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.4%
CVE-2014-0894 LOW POC THREAT Monitor

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.9%.

IBM Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
11.9%
CVE-2014-2197 CRITICAL Act Now

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Cdm Application Software Unified Communications Domain Manager
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2014-2616 HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2014-2615 HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2014-2969 HIGH This Week

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear RCE Authentication Bypass Gs108Pe Firmware Gs108Pe
NVD
CVSS 2.0
8.3
EPSS
0.3%
CVE-2014-4724 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Custom Banners
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4723 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Banners
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3482 HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails Ruby On Rails
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-4646 MEDIUM This Month

Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Foxit Pdf Sdk Dll
NVD
CVSS 2.0
6.8
EPSS
5.0%
CVE-2014-2614 HIGH This Week

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Sitescope
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-3483 HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-0602 HIGH This Week

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Code Injection Security Manager
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-0248 MEDIUM This Month

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2014-3486 MEDIUM This Month

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users. Rated medium severity (CVSS 6.9). No vendor patch available.

Red Hat Information Disclosure Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-3308 MEDIUM This Month

Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr Asr 9000 Rsp440 Router +6
NVD
CVSS 2.0
6.4
EPSS
1.4%
CVE-2014-3481 MEDIUM This Month

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-0180 MEDIUM This Month

The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-5423 MEDIUM This Month

IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Flex System Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0860 MEDIUM This Month

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Integrated Management Module Firmware Integrated Management Module Advanced Management Module Firmware +3
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0184 MEDIUM This Month

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-0034 MEDIUM PATCH This Month

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2014-0035 MEDIUM PATCH This Month

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-4722 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Ocsinventory Ng
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3489 MEDIUM This Month

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0176 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0875 LOW Monitor

Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Storwize Unified V7000 Software Storwize Unified V7000
NVD
CVSS 2.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy