Skip to main content
CVE-2014-3120 HIGH POC KEV PATCH THREAT Act Now

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Authentication Bypass Elastic
NVD Exploit-DB VulDB
CVSS 3.1
8.1
EPSS
82.6%
Threat
7.1
CVE-2014-5111 MEDIUM POC THREAT This Month

Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.7%.

Path Traversal PHP Trixbox
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
67.7%
Threat
4.5
CVE-2014-5112 HIGH POC This Week

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Trixbox
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.2%
CVE-2014-5104 HIGH POC This Week

Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ol Commerce
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-5109 HIGH POC This Week

SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Trixbox
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-5113 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Myconnection Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5110 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Trixbox
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5105 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Ol Commerce
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4840 HIGH This Week

Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Secbladefw Secpath1000Fe F1000 E Vpn Firewall +12
NVD
CVSS 2.0
7.8
EPSS
1.4%
CVE-2014-2974 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF PHP Vx
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-5107 MEDIUM This Month

concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Concrete5 Concrete Cms
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-3304 MEDIUM This Month

The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2975 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Vx
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5108 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Concrete5 Concrete Cms
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5106 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Invision Power Board
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3303 MEDIUM This Month

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-4262 LOW Monitor

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. Rated low severity (CVSS 2.4). No vendor patch available.

Information Disclosure Subversion
NVD
CVSS 2.0
2.4
EPSS
0.3%
CVE-2013-7393 LOW Monitor

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the. Rated low severity (CVSS 2.4). No vendor patch available.

Information Disclosure Subversion
NVD
CVSS 2.0
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy