Skip to main content
CVE-2014-6287 CRITICAL POC KEV THREAT Emergency

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Code Injection RCE
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.4%
Threat
7.8
CVE-2014-7235 CRITICAL POC THREAT Emergency

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.0%.

Deserialization RCE PHP Code Injection Freepbx
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
52.0%
Threat
5.1
CVE-2014-3565 MEDIUM POC PATCH This Month

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Mac Os X Ubuntu Linux Net Snmp
NVD
CVSS 2.0
5.0
EPSS
8.8%
CVE-2014-6434 CRITICAL Act Now

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Gopro Hero Firmware Gopro Hero
NVD
CVSS 2.0
10.0
EPSS
3.4%
CVE-2014-5501 CRITICAL Act Now

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Sophos Buffer Overflow RCE Cyberoam Os
NVD
CVSS 2.0
9.3
EPSS
6.7%
CVE-2014-6433 CRITICAL Act Now

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Gopro Hero Firmware Gopro Hero
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2014-5503 CRITICAL Act Now

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Cyberoam Os
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-7204 MEDIUM POC PATCH This Month

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Ubuntu Linux Debian Linux Exuberant Ctags Mageia
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2014-5502 CRITICAL Act Now

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sophos Cyberoam Os
NVD
CVSS 2.0
9.0
EPSS
1.0%
CVE-2014-6603 MEDIUM POC This Month

The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Suricata Buffer Overflow
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-4868 CRITICAL Act Now

The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vyatta 5400 Vrouter Software Vyatta 5400 Vrouter
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2014-3632 HIGH This Week

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Neutron
NVD
CVSS 2.0
7.6
EPSS
1.2%
CVE-2014-4870 HIGH This Week

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vyatta 5400 Vrouter Software Vyatta 5400 Vrouter
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-3399 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Code Injection Microsoft RCE Cisco +1
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2014-4869 MEDIUM This Month

The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Vyatta 5400 Vrouter Software Vyatta 5400 Vrouter
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4871 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Nb604N Firmware Nb604N
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-0940 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Service Automation Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7189 MEDIUM PATCH This Month

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Go
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4802 MEDIUM PATCH This Month

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-7295 LOW PATCH Monitor

The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy