Skip to main content
CVE-2014-3888 HIGH POC THREAT Act Now

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.0%.

RCE Buffer Overflow Exaopc B M9000Cs Software B M9000Cs +12
NVD Exploit-DB
CVSS 2.0
8.3
EPSS
29.0%
Threat
4.0
CVE-2014-4852 HIGH POC This Week

SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Atomcms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-4850 HIGH POC This Week

SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Foecms
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-4851 MEDIUM POC This Month

Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Foecms
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-4848 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Blogstand Smart Banner
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4849 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Foecms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4854 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Contruction Mode
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4847 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Random Banner
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4846 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Metaslider
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4845 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bannerman
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3311 MEDIUM This Month

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Buffer Overflow RCE Webex Meeting Center Webex Meetings Server
NVD
CVSS 2.0
5.1
EPSS
3.1%
CVE-2014-4698 MEDIUM This Month

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service PHP
NVD
CVSS 2.0
4.6
EPSS
0.5%
CVE-2014-4670 MEDIUM This Month

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service PHP
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-2963 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Liferay Portal
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3315 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3310 MEDIUM This Month

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center Webex Meetings Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4853 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Opendocman
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4856 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Polldaddy Polls Ratings
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4855 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Polylang
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3316 MEDIUM This Month

The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Communications Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-3318 MEDIUM This Month

Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Communications Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy