Skip to main content
CVE-2014-4977 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

Sonicwall PHP SQLi Dell Scrutinizer
NVD Exploit-DB GitHub
CVSS 2.0
6.5
EPSS
84.5%
Threat
5.3
CVE-2013-5755 CRITICAL POC THREAT Emergency

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.

Authentication Bypass Sip T38G
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
15.4%
Threat
4.0
CVE-2014-4018 HIGH POC This Week

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
6.2%
CVE-2014-4154 MEDIUM POC This Month

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-4976 MEDIUM POC This Month

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall Privilege Escalation Dell Scrutinizer
NVD GitHub
CVSS 2.0
5.5
EPSS
3.1%
CVE-2014-3427 MEDIUM POC This Month

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Voip Phone Firmware
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
3.5%
CVE-2014-2606 CRITICAL Act Now

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Storage Management Software Storevirtual 4130 Storevirtual 4330 +7
NVD
CVSS 2.0
9.0
EPSS
0.3%
CVE-2014-2622 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
8.5
EPSS
0.3%
CVE-2014-2621 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-2620 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-2619 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-2618 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-2605 MEDIUM This Month

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Storage Management Software Storevirtual Vsa Storevirtual 4130 +7
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-4347 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware Netscaler Access Gateway Netscaler Application Delivery Controller Firmware +1
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-3777 MEDIUM This Month

Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Php Report Designer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4346 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware Netscaler Application Delivery Controller Netscaler Access Gateway Firmware +1
NVD
CVSS 2.0
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy