Skip to main content
CVE-2014-5023 MEDIUM POC This Month

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gitlist
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-2385 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sophos Anti Virus
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3518 MEDIUM This Month

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat Jboss Enterprise Application Platform Jboss Enterprise Brms Platform +2
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-4948 MEDIUM This Month

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Xenserver
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-4911 MEDIUM PATCH This Month

The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Polarssl Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-5019 MEDIUM PATCH This Month

The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Drupal
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-5020 MEDIUM PATCH This Month

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Drupal
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-5022 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Drupal
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy