Skip to main content
CVE-2014-4511 HIGH POC THREAT Act Now

Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

Information Disclosure Gitlist
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.6%
Threat
5.6
CVE-2013-7392 HIGH POC This Week

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlist
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
8.7%
CVE-2014-5023 MEDIUM POC This Month

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gitlist
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-4947 CRITICAL Act Now

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Buffer Overflow Xenserver
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-2385 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos Anti Virus
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3530 HIGH PATCH This Week

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat XXE Information Disclosure RCE Jboss Enterprise Application Platform
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-4326 HIGH PATCH This Week

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Elastic Zabbix Logstash
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-3518 MEDIUM This Month

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat Jboss Enterprise Application Platform Jboss Enterprise Brms Platform +2
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-4948 MEDIUM This Month

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Xenserver
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-4911 MEDIUM PATCH This Month

The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Polarssl Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-5019 MEDIUM PATCH This Month

The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Drupal
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-5020 MEDIUM PATCH This Month

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Drupal
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-5022 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Drupal
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5021 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Drupal
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy