Skip to main content
CVE-2014-4511 HIGH POC THREAT Act Now

Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

Information Disclosure Gitlist
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.6%
Threat
5.6
CVE-2013-7392 HIGH POC This Week

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlist
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
8.7%
CVE-2014-3530 HIGH PATCH This Week

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat XXE Information Disclosure RCE Jboss Enterprise Application Platform
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-4326 HIGH PATCH This Week

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Elastic Zabbix Logstash
NVD
CVSS 2.0
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy