Skip to main content
CVE-2014-3418 CRITICAL POC THREAT Emergency

config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.1%.

Command Injection Netmri
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
21.1%
Threat
4.1
CVE-2014-4663 MEDIUM POC THREAT This Month

TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.8%.

RCE Code Injection Timthumb Wordthumb
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
16.8%
CVE-2014-4963 MEDIUM POC This Month

Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Shopizer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.6%
CVE-2014-3419 HIGH POC This Week

Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netmri
NVD GitHub
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-4962 MEDIUM POC This Month

Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shopizer
NVD Exploit-DB
CVSS 2.0
6.4
EPSS
3.5%
CVE-2014-4964 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Shopizer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-4965 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Shopizer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.5%
CVE-2014-1474 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Rt
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3953 MEDIUM This Month

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-3952 MEDIUM This Month

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-4031 MEDIUM This Month

The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Clearpass
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy