Skip to main content
CVE-2014-3085 HIGH POC THREAT Act Now

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.7%.

IBM Command Injection PHP Global Console Manager 16 Firmware Global Console Manager 32 Firmware
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
15.7%
CVE-2014-5074 HIGH POC PATCH THREAT Act Now

Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.9%.

Denial Of Service Siemens Simatic S7 1500 Cpu Firmware Simatic S7 1511 1 Pn Cpu Simatic S7 1513 1 Pn Cpu +5
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
12.9%
CVE-2014-3081 MEDIUM POC THREAT This Month

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.8%.

IBM PHP Information Disclosure Global Console Manager 16 Firmware Global Console Manager 32 Firmware
NVD Exploit-DB
CVSS 2.0
6.3
EPSS
10.8%
CVE-2014-3080 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS PHP Global Console Manager 16 Firmware Global Console Manager 32 Firmware
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.4%
CVE-2014-0609 CRITICAL Act Now

Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Enterprise Server
NVD
CVSS 2.0
10.0
EPSS
0.2%
CVE-2014-0327 CRITICAL Act Now

The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Open Port Pilot Below Deck Equipment
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2014-0326 CRITICAL Act Now

The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Open Port Pilot Below Deck Equipment
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2014-3063 HIGH PATCH This Week

IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Infosphere Master Data Management Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3904 HIGH This Week

SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Shutter
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-0969 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM CSRF Infosphere Master Data Management Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0966 MEDIUM This Month

SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Master Data Management Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-4775 MEDIUM PATCH This Month

IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Infosphere Master Data Management Infosphere Master Data Management Server For Product Information Management
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3900 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Piwigo
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3905 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Shutter
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3087 MEDIUM PATCH This Month

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-0905 LOW Monitor

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting. Rated low severity (CVSS 2.9). No vendor patch available.

IBM Privilege Escalation Infosphere Biginsights
NVD
CVSS 2.0
2.9
EPSS
0.1%
CVE-2014-0876 LOW PATCH Monitor

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Denial Of Service Buffer Overflow Java Microsoft +1
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy