Skip to main content
CVE-2013-7389 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.2%.

XSS PHP D-Link Dir 645 Firmware Dir 645
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
92.2%
Threat
5.1
CVE-2013-3993 MEDIUM KEV THREAT This Month

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 21.0%.

Path Traversal IBM
NVD VulDB
CVSS 3.1
6.5
EPSS
21.0%
CVE-2014-0867 MEDIUM POC THREAT This Month

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.4%.

IBM Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
15.4%
CVE-2014-0869 MEDIUM POC THREAT This Month

The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.5%.

IBM Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.5%
CVE-2014-0866 MEDIUM POC THREAT This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.5%.

IBM Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.5%
CVE-2014-0864 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM CSRF Algo Credit Limits
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.7%
CVE-2014-0871 MEDIUM POC THREAT This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.8%.

IBM Tomcat Information Disclosure Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
15.8%
CVE-2014-0868 MEDIUM POC This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.9
EPSS
9.6%
CVE-2014-0865 MEDIUM POC This Month

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Authentication Bypass Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.9
EPSS
8.5%
CVE-2014-0870 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Algo Credit Limits Algorithmics
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.4%
CVE-2014-4724 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Custom Banners
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4723 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Easy Banners
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4646 MEDIUM This Month

Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Foxit Pdf Sdk Dll
NVD
CVSS 2.0
6.8
EPSS
5.0%
CVE-2014-0248 MEDIUM This Month

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2014-3486 MEDIUM This Month

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users. Rated medium severity (CVSS 6.9). No vendor patch available.

Red Hat Information Disclosure Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-3308 MEDIUM This Month

Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr Asr 9000 Rsp440 Router +6
NVD
CVSS 2.0
6.4
EPSS
1.4%
CVE-2014-3481 MEDIUM This Month

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-0180 MEDIUM This Month

The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-5423 MEDIUM This Month

IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Flex System Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0860 MEDIUM This Month

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Integrated Management Module Firmware Integrated Management Module Advanced Management Module Firmware +3
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0184 MEDIUM This Month

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-0034 MEDIUM PATCH This Month

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2014-0035 MEDIUM PATCH This Month

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Apache Cxf Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-4722 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Ocsinventory Ng
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3489 MEDIUM This Month

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0176 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy