Skip to main content
CVE-2014-3560 HIGH Act Now

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a. Rated high severity (CVSS 7.9). Epss exploitation probability 71.9% and no vendor patch available.

RCE Code Injection Ubuntu Linux Enterprise Linux Samba
NVD
CVSS 2.0
7.9
EPSS
71.9%
CVE-2012-6653 HIGH POC PATCH This Week

Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Information Disclosure All Video Gallery Plugin
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.5%
CVE-2014-5082 HIGH POC This Week

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sphider
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-5090 MEDIUM POC This Month

admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Status2K
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
6.1%
CVE-2014-5089 HIGH POC This Week

SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Status2K
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-3434 MEDIUM POC This Month

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

RCE Buffer Overflow Endpoint Protection
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
0.6%
CVE-2014-5182 MEDIUM POC PATCH This Month

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

WordPress SQLi PHP Yawpp
NVD
CVSS 2.0
6.0
EPSS
3.7%
CVE-2014-5185 MEDIUM POC This Month

SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Quartz Plugin
NVD
CVSS 2.0
6.0
EPSS
3.6%
CVE-2014-5180 MEDIUM POC This Month

SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Hdw Player Video Player Video Gallery
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-5186 MEDIUM POC This Month

SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP All Video Gallery
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-5184 MEDIUM POC This Month

SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Stripshow
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-5183 MEDIUM POC This Month

SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Simple Retail Menus
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-5187 MEDIUM POC This Month

Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Tom M8Te Plugin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-5181 MEDIUM POC This Month

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Lastfm Rotation Plugin
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-5088 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Status2K
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5178 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Easy File Sharing Web Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4159 HIGH This Week

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ctdb Opensuse Mageia
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-0479 MEDIUM This Month

reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Reportbug
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-5179 MEDIUM This Month

The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Freelinking For Case Tracker Freelinking
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3559 LOW Monitor

The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Enterprise Virtualization
NVD
CVSS 2.0
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy