Skip to main content
CVE-2014-5073 HIGH POC THREAT Act Now

vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.3%.

Information Disclosure Operations Manager
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
88.3%
Threat
5.6
CVE-2014-5337 MEDIUM POC PATCH THREAT This Month

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.8%.

WordPress Privilege Escalation PHP Wordpress Mobile Pack
NVD
CVSS 2.0
5.0
EPSS
52.8%
Threat
4.1
CVE-2014-5119 HIGH POC THREAT Act Now

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.5%.

RCE Denial Of Service Glibc Debian Linux
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
21.5%
CVE-2013-5467 HIGH POC This Week

Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Monitoring Agent For Unix Logs Monitoring Server Ms And Shared Libraries Ax
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.4%
CVE-2012-1503 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Movable Type
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.9%
CVE-2014-2593 CRITICAL Act Now

The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Aruba Clearpass Policy Manager
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2014-0600 HIGH This Week

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Groupwise
NVD
CVSS 2.0
7.8
EPSS
5.7%
CVE-2014-2390 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Network Security Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3346 MEDIUM This Month

The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Transport Gateway Installation Software
NVD
CVSS 2.0
6.3
EPSS
0.5%
CVE-2014-5247 LOW POC Monitor

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ganeti
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3024 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Smartcloud Control Desk Maximo Asset Management
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2014-5127 MEDIUM This Month

Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Encore Discovery Solution
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4806 MEDIUM This Month

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Appscan
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-5128 MEDIUM This Month

Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Encore Discovery Solution
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3351 MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3084 MEDIUM This Month

IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Maximo Asset Management Smartcloud Control Desk Tivoli Asset Management For It
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2014-0888 MEDIUM This Month

IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Worklight Mobile Foundation
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-4930 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Zoho XSS Manageengine Eventlog Analyzer
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-5147 MEDIUM PATCH This Month

Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of. Rated medium severity (CVSS 4.3).

Denial Of Service Privilege Escalation Xen
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3350 MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3349 MEDIUM This Month

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cloud Portal
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-0897 LOW Monitor

The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Flex System Manager
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2014-3093 LOW Monitor

IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Powervc
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy