Skip to main content
CVE-2014-6389 HIGH POC THREAT Act Now

backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

RCE PHP Code Injection Phpcompta Noalyss
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
14.5%
CVE-2014-2044 HIGH POC THREAT Act Now

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

RCE PHP Code Injection Microsoft Owncloud +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
13.9%
CVE-2013-2645 CRITICAL POC Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF TP-Link Firmware
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-1436 HIGH POC PATCH This Week

The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xmonad Contrab
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
8.2%
CVE-2014-6607 HIGH POC This Week

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass M Monit
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.9%
CVE-2014-4043 HIGH POC This Week

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Glibc Opensuse
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-5389 HIGH POC This Week

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Content Audit
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-0074 HIGH POC This Week

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Shiro
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-6054 MEDIUM PATCH This Month

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 34.6%.

Denial Of Service Libvncserver Debian Linux Ubuntu Linux
NVD GitHub
CVSS 2.0
4.3
EPSS
34.6%
CVE-2014-0994 MEDIUM POC This Month

Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Embarcadero C Builder Xe6 Embarcadero Delphi Xe6
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-6409 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF M Monit
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-0168 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Jolokia
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0397 CRITICAL Act Now

Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Oracle Solaris
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-1224 MEDIUM POC This Month

Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Recruitment
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4510 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Apt Cacher
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1875 LOW POC Monitor

The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Capture Tiny
NVD GitHub
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-3608 LOW POC PATCH Monitor

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service VMware Nova
NVD
CVSS 2.0
2.7
EPSS
0.7%
CVE-2014-3642 MEDIUM This Month

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine Cloudforms 3 0 2 Management Engine Cloudforms 3 0 3 Management Engine +3
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-3633 MEDIUM This Month

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Libvirt
NVD
CVSS 2.0
5.8
EPSS
2.9%
CVE-2014-3521 MEDIUM This Month

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Conga
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-3657 MEDIUM This Month

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-7329 MEDIUM This Month

The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cgi Application Module
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-1868 MEDIUM PATCH This Month

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Restlet Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6496 MEDIUM This Month

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Conga
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2644 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Systems Insight Manager
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-0140 MEDIUM This Month

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine Cloudforms 3 0 2 Management Engine Cloudforms 3 0 3 Management Engine +3
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-7870 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Custom Search Module
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7869 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Context Form Alteration Module
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy