Skip to main content
CVE-2014-5246 CRITICAL POC THREAT Emergency

The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.8%.

Privilege Escalation Tenda A5S Firmware A5S
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
23.8%
Threat
4.2
CVE-2014-5368 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.3%.

Path Traversal WordPress PHP Wp Content Source Control
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
48.3%
CVE-2014-5097 HIGH POC This Week

Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Articlefr
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-5396 HIGH POC This Week

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Technik Microcontrol Firmware Technik Microcontrol
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-4197 HIGH POC This Week

Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rbs Bs Client
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-5241 MEDIUM POC This Month

The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Mediawiki
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3525 CRITICAL Act Now

Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-5242 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5243 MEDIUM POC This Month

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5261 HIGH PATCH This Week

The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Cacti
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-5262 HIGH PATCH This Week

SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Cacti
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3594 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Horizon Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.6%
CVE-2014-5273 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-5274 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4764 HIGH This Week

IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 2.0
7.1
EPSS
1.1%
CVE-2014-3563 HIGH PATCH This Week

Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Salt
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-0232 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6%.

XSS Apache Ofbiz
NVD
CVSS 2.0
4.3
EPSS
12.6%
CVE-2014-4767 MEDIUM This Month

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Code Injection Websphere Application Server
NVD
CVSS 2.0
6.5
EPSS
1.1%
CVE-2014-5122 MEDIUM This Month

Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Arcgis Server
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-3070 MEDIUM This Month

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3436 MEDIUM This Month

Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pgp Desktop Encryption Desktop
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3083 MEDIUM This Month

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3089 MEDIUM This Month

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Java Rational Directory Administrator Rational Directory Server
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-5149 MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-5146 MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-6306 MEDIUM This Month

Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Power 760 Firmware Power 770 Power 780 +12
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-3022 MEDIUM This Month

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0965 MEDIUM PATCH This Month

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-5121 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5338 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Check Mk
NVD
CVSS 2.0
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy