Skip to main content
CVE-2014-3914 CRITICAL POC THREAT Emergency

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

Path Traversal RCE Rocket Servergraph
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.7%
Threat
6.0
CVE-2014-5189 HIGH POC This Week

SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Lead Octopus
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-5192 HIGH POC This Week

SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sphider
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-3773 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Teampass
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3772 HIGH POC PATCH This Week

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-3771 HIGH POC PATCH This Week

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-5194 MEDIUM POC This Month

Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Sphider
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
2.3%
CVE-2014-3854 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Pyplate
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6771 CRITICAL Act Now

Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Splunk
NVD
CVSS 2.0
9.3
EPSS
4.1%
CVE-2013-7394 CRITICAL Act Now

The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Splunk Code Injection
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2014-3853 MEDIUM POC This Month

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pyplate
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3852 MEDIUM POC This Month

Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pyplate
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3855 MEDIUM POC This Month

Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pyplate
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-5193 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Sphider
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.7%
CVE-2014-3774 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Teampass
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5188 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS List Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5190 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Si Captcha Anti Spam
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3459 MEDIUM This Month

Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Network Configuration Manager
NVD
CVSS 2.0
6.8
EPSS
4.6%
CVE-2014-4647 MEDIUM This Month

Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Er Studio Data Architect
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2014-3429 MEDIUM PATCH This Month

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Opensuse Ipython Notebook Mageia
NVD GitHub
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-5195 HIGH This Week

Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Ubuntu Authentication Bypass Unity
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-3851 LOW POC Monitor

usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pyplate
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-3517 MEDIUM PATCH This Month

api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nova
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5191 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Ckeditor
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3800 LOW Monitor

XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Xbmc
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy