Skip to main content
CVE-2014-3300 HIGH POC THREAT Act Now

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.6%.

Cisco Privilege Escalation Unified Cdm Application Software Unified Communications Domain Manager
NVD
CVSS 2.0
7.5
EPSS
45.6%
Threat
4.4
CVE-2014-2616 HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2014-2615 HIGH This Week

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Universal Configuration Management Database
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2014-2969 HIGH This Week

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear RCE Authentication Bypass Gs108Pe Firmware Gs108Pe
NVD
CVSS 2.0
8.3
EPSS
0.3%
CVE-2014-3482 HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails Ruby On Rails
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-2614 HIGH This Week

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Sitescope
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-3483 HIGH PATCH This Week

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PostgreSQL Rails
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-0602 HIGH This Week

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Code Injection Security Manager
NVD
CVSS 2.0
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy