Skip to main content
CVE-2013-6117 HIGH POC THREAT Act Now

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 89.7%.

Dahua Authentication Bypass Dvr Firmware
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
89.7%
Threat
5.7
CVE-2014-4940 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.6%.

Path Traversal WordPress PHP Tera Charts
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
42.6%
CVE-2014-4938 HIGH POC This Week

SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wp Rss Poster
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-4939 MEDIUM POC This Month

SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Enl Newsletter
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.6%
CVE-2014-3992 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dolibarr Erp Crm
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.1%
CVE-2014-4937 MEDIUM POC This Month

Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Bookx
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.0%
CVE-2014-4942 MEDIUM POC PATCH This Month

The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Information Disclosure Wp Easycart
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-3816 CRITICAL Act Now

Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Privilege Escalation Junos
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2014-4941 MEDIUM POC This Month

Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Wp Cross Rss
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3991 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr Erp Crm
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-4907 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Monitor Pnp4Nagios
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4908 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Pnp4Nagios
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3817 HIGH This Week

Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Srx100 Srx110 +10
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2014-3819 HIGH This Week

Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-3815 HIGH This Week

Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Srx100 Srx110 +10
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-3499 HIGH PATCH This Week

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Docker Privilege Escalation Fedora
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-3822 MEDIUM This Month

Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Denial Of Service Junos Srx100 Srx110 +10
NVD
CVSS 2.0
5.4
EPSS
0.5%
CVE-2014-3503 MEDIUM PATCH This Month

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Apache Syncope
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2014-4700 MEDIUM PATCH This Month

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via. Rated medium severity (CVSS 4.9).

Citrix Privilege Escalation Xendesktop
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-4738 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3821 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Junos
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0174 MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3485 MEDIUM This Month

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Information Disclosure Enterprise Virtualization
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-4167 LOW Monitor

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Privilege Escalation Neutron Ubuntu Linux
NVD
CVSS 2.0
3.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy