Skip to main content
CVE-2014-6389 HIGH POC THREAT Act Now

backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.5%.

RCE PHP Code Injection Phpcompta Noalyss
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
14.5%
CVE-2014-2044 HIGH POC THREAT Act Now

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

RCE PHP Code Injection Microsoft Owncloud +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
13.9%
CVE-2013-1436 HIGH POC PATCH This Week

The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xmonad Contrab
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
8.2%
CVE-2014-6607 HIGH POC This Week

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass M Monit
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.9%
CVE-2014-4043 HIGH POC This Week

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Glibc Opensuse
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-5389 HIGH POC This Week

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Content Audit
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-0074 HIGH POC This Week

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Shiro
NVD
CVSS 2.0
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy