Skip to main content
CVE-2014-3120 HIGH POC KEV PATCH THREAT Act Now

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Authentication Bypass Elastic
NVD Exploit-DB VulDB
CVSS 3.1
8.1
EPSS
82.6%
Threat
7.1
CVE-2014-5112 HIGH POC This Week

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Trixbox
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.2%
CVE-2014-5104 HIGH POC This Week

Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ol Commerce
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-5109 HIGH POC This Week

SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Trixbox
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-4840 HIGH This Week

Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Denial Of Service Secbladefw Secpath1000Fe F1000 E Vpn Firewall +12
NVD
CVSS 2.0
7.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy