Skip to main content
CVE-2014-5377 MEDIUM POC PATCH THREAT This Month

ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.6%.

Zoho Information Disclosure Device Expert
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
67.6%
Threat
4.5
CVE-2014-5461 MEDIUM POC PATCH THREAT This Month

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Denial Of Service Buffer Overflow Opensuse Ubuntu Linux Debian Linux +2
NVD
CVSS 2.0
5.0
EPSS
10.6%
CVE-2012-4234 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Phorum
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.6%
CVE-2012-4768 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Download Monitor
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2014-5505 MEDIUM This Month

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Buffer Overflow Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
6.5%
CVE-2014-5506 MEDIUM This Month

Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-2957 MEDIUM PATCH This Month

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Exim
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-3574 MEDIUM PATCH This Month

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.1%.

Denial Of Service Apache Poi
NVD
CVSS 2.0
4.3
EPSS
11.1%
CVE-2014-3529 MEDIUM PATCH This Month

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XXE Apache Poi
NVD
CVSS 2.0
4.3
EPSS
5.2%
CVE-2014-5269 MEDIUM PATCH This Month

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Plack
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2972 MEDIUM PATCH This Month

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Information Disclosure Exim
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2012-6153 MEDIUM PATCH This Month

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Apache Commons Httpclient
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2014-4758 MEDIUM PATCH This Month

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4759 MEDIUM PATCH This Month

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy