Skip to main content
CVE-2014-5377 MEDIUM POC PATCH THREAT This Month

ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Zoho Information Disclosure Device Expert
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
67.6%
Threat
4.5
CVE-2014-5504 HIGH Act Now

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.4% and no vendor patch available.

RCE Authentication Bypass Log And Event Manager
NVD
CVSS 2.0
7.5
EPSS
25.4%
CVE-2014-5461 MEDIUM POC PATCH THREAT This Month

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Denial Of Service Buffer Overflow Opensuse Ubuntu Linux Debian Linux +2
NVD
CVSS 2.0
5.0
EPSS
10.6%
CVE-2014-3094 HIGH PATCH Act Now

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 10.4%.

IBM RCE Buffer Overflow Microsoft Db2
NVD
CVSS 2.0
8.5
EPSS
10.4%
CVE-2012-4234 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phorum
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.6%
CVE-2012-4768 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Download Monitor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2014-5505 MEDIUM This Month

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Buffer Overflow Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
6.5%
CVE-2014-2685 HIGH This Week

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zend Framework Zendopenid
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-5285 HIGH This Week

Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Server
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-3353 HIGH This Week

Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
7.1
EPSS
2.0%
CVE-2014-5506 MEDIUM This Month

Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-2957 MEDIUM PATCH This Month

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Exim
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-3574 MEDIUM PATCH This Month

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.1%.

Denial Of Service Apache Poi
NVD
CVSS 2.0
4.3
EPSS
11.1%
CVE-2014-3529 MEDIUM PATCH This Month

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XXE Apache Poi
NVD
CVSS 2.0
4.3
EPSS
5.2%
CVE-2014-5269 MEDIUM PATCH This Month

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plack
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2972 MEDIUM PATCH This Month

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Information Disclosure Exim
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2012-6153 MEDIUM PATCH This Month

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Apache Commons Httpclient
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2014-4758 MEDIUM PATCH This Month

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4759 MEDIUM PATCH This Month

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3095 LOW PATCH Monitor

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
3.5
EPSS
1.3%
CVE-2014-3075 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6060 LOW PATCH Monitor

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Dhcpcd Android
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-4805 LOW PATCH Monitor

IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Db2
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy