Skip to main content
CVE-2014-4977 MEDIUM POC THREAT This Month

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

Sonicwall PHP SQLi Dell Scrutinizer
NVD Exploit-DB GitHub
CVSS 2.0
6.5
EPSS
84.5%
Threat
5.3
CVE-2014-4154 MEDIUM POC This Month

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-4976 MEDIUM POC This Month

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Sonicwall Privilege Escalation Dell Scrutinizer
NVD GitHub
CVSS 2.0
5.5
EPSS
3.1%
CVE-2014-3427 MEDIUM POC This Month

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Voip Phone Firmware
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
3.5%
CVE-2014-2605 MEDIUM This Month

Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Storage Management Software Storevirtual Vsa Storevirtual 4130 +7
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-4347 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware Netscaler Access Gateway Netscaler Application Delivery Controller Firmware +1
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-3777 MEDIUM This Month

Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Php Report Designer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4346 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware Netscaler Application Delivery Controller Netscaler Access Gateway Firmware +1
NVD
CVSS 2.0
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy