Skip to main content
CVE-2014-4061 MEDIUM This Month

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.4% and no vendor patch available.

Denial Of Service Microsoft Sql Server
NVD
CVSS 2.0
6.8
EPSS
38.4%
CVE-2014-2630 MEDIUM POC THREAT This Month

Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.4). Public exploit code available and EPSS exploitation probability 12.2%.

HP Information Disclosure Operations Agent
NVD Exploit-DB
CVSS 2.0
4.4
EPSS
12.2%
CVE-2014-4060 MEDIUM PATCH This Month

Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 27.7%.

Memory Corruption Denial Of Service Use After Free Microsoft RCE +2
NVD
CVSS 2.0
6.8
EPSS
27.7%
CVE-2014-1222 MEDIUM POC PATCH This Month

Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Vtiger Crm
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
9.8%
CVE-2014-2819 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
9.8%
CVE-2014-1820 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 21.4% and no vendor patch available.

XSS Microsoft Sql Server
NVD
CVSS 2.0
4.3
EPSS
21.4%
CVE-2012-4241 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Microcart
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5196 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin before 1.2.5 for WordPress allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Improved User Search In Backend
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4062 MEDIUM This Month

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.0% and no vendor patch available.

Privilege Escalation Microsoft Net Framework
NVD
CVSS 2.0
4.3
EPSS
15.0%
CVE-2014-3337 MEDIUM This Month

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-5199 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress File Upload Wordpress File Upload
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3339 MEDIUM This Month

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager Unified Presence Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-4760 MEDIUM PATCH This Month

Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

IBM Open Redirect Websphere Portal
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4064 MEDIUM PATCH This Month

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
4.9
EPSS
2.4%
CVE-2014-4746 MEDIUM PATCH This Month

IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Portal
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-7395 MEDIUM This Month

ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Monitor Defibrillator
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-2631 MEDIUM This Month

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Application Lifecycle Management
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-3899 MEDIUM This Month

Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Gom Player
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3251 MEDIUM This Month

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which. Rated medium severity (CVSS 4.4). No vendor patch available.

Race Condition Authentication Bypass Puppet Enterprise Mcollective
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2014-5198 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Splunk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4751 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Security Access Manager For Mobile
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0953 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5197 MEDIUM PATCH This Month

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Splunk
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-2629 MEDIUM This Month

HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Nonstop Safeguard Security
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2628 MEDIUM This Month

Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Enterprise Maps
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5433 MEDIUM PATCH This Month

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Infosphere Optim Data Growth Solution For Siebel Crm
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy