Skip to main content
CVE-2014-4909 MEDIUM POC This Month

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Fedora +2
NVD
CVSS 2.0
6.8
EPSS
9.2%
CVE-2014-5114 HIGH POC This Week

WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Webid
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3896 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Acmailer
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-5115 MEDIUM POC This Month

Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Dirphp
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.7%
CVE-2014-5116 MEDIUM POC This Month

The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cairo
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
5.8%
CVE-2014-4710 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Zerocms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2014-3541 HIGH PATCH This Week

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Moodle
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-3544 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Moodle
NVD Exploit-DB GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2014-3055 HIGH This Week

SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Websphere Portal Websphere Portal Unified Task List Portlet
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-0475 MEDIUM This Month

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Glibc
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-3020 MEDIUM This Month

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree,. Rated medium severity (CVSS 6.9). No vendor patch available.

IBM Privilege Escalation Embedded Websphere Application Server Tivoli Integrated Portal
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-3895 MEDIUM This Month

The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ts Wlcam V Camera Firmware Ts Wlcam V Camera Ts Wptcam Camera Firmware Ts Wptcam Camera +8
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-3545 MEDIUM PATCH This Month

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle
NVD
CVSS 2.0
6.0
EPSS
1.3%
CVE-2014-3552 MEDIUM PATCH This Month

The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Moodle
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-3054 MEDIUM This Month

Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Open Redirect Websphere Portal Websphere Portal Unified Task List Portlet
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-5031 MEDIUM PATCH This Month

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Cups Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-3056 MEDIUM This Month

The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal Websphere Portal Unified Task List Portlet
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3546 MEDIUM PATCH This Month

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3553 MEDIUM PATCH This Month

mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-3543 MEDIUM PATCH This Month

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE Moodle
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3542 MEDIUM PATCH This Month

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE Moodle
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3329 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Data Center Network Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3897 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Homepage Decorator Perlmailer
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3550 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3549 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3547 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3057 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal Websphere Portal Unified Task List Portlet
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0889 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Atlas Ediscovery Process Management Atlas Suite Disposal And Governance Management For It +1
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3548 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3551 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Moodle
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-3026 LOW Monitor

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Maximo Asset Management Maximo Asset Management Essentials Smartcloud Control Desk +1
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3050 LOW Monitor

IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Rational Team Concert
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-2226 LOW Monitor

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Controller
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2014-0103 LOW Monitor

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

PHP Information Disclosure Apache Webapp Zarafa +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-5030 LOW PATCH Monitor

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. Rated low severity (CVSS 1.9).

PHP Information Disclosure Ubuntu Linux Cups
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-5029 LOW PATCH Monitor

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. Rated low severity (CVSS 1.5).

Information Disclosure Cups Ubuntu Linux
NVD
CVSS 2.0
1.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy