Skip to main content
CVE-2014-4909 MEDIUM POC This Month

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Fedora +2
NVD
CVSS 2.0
6.8
EPSS
9.2%
CVE-2014-3896 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Acmailer
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-5115 MEDIUM POC This Month

Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Dirphp
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.7%
CVE-2014-5116 MEDIUM POC This Month

The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cairo
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
5.8%
CVE-2014-4710 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Zerocms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2014-0475 MEDIUM This Month

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Glibc
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-3020 MEDIUM This Month

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree,. Rated medium severity (CVSS 6.9). No vendor patch available.

IBM Privilege Escalation Embedded Websphere Application Server Tivoli Integrated Portal
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-3895 MEDIUM This Month

The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ts Wlcam V Camera Firmware Ts Wlcam V Camera Ts Wptcam Camera Firmware Ts Wptcam Camera +8
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-3545 MEDIUM PATCH This Month

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle
NVD
CVSS 2.0
6.0
EPSS
1.3%
CVE-2014-3552 MEDIUM PATCH This Month

The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Moodle
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-3054 MEDIUM This Month

Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Open Redirect Websphere Portal Websphere Portal Unified Task List Portlet
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-5031 MEDIUM PATCH This Month

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Cups Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-3056 MEDIUM This Month

The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Portal Websphere Portal Unified Task List Portlet
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3546 MEDIUM PATCH This Month

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3553 MEDIUM PATCH This Month

mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-3543 MEDIUM PATCH This Month

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE Moodle
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3542 MEDIUM PATCH This Month

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure XXE Moodle
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3329 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Data Center Network Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3897 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Homepage Decorator Perlmailer
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3550 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3549 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3547 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3057 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal Websphere Portal Unified Task List Portlet
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0889 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Atlas Ediscovery Process Management Atlas Suite Disposal And Governance Management For It +1
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3548 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy