Skip to main content
CVE-2014-6287 CRITICAL POC KEV THREAT Emergency

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Code Injection RCE
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.4%
Threat
7.8
CVE-2014-7235 CRITICAL POC THREAT Emergency

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.0%.

Deserialization RCE PHP Code Injection Freepbx
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
52.0%
Threat
5.1
CVE-2014-6434 CRITICAL Act Now

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Gopro Hero Firmware Gopro Hero
NVD
CVSS 2.0
10.0
EPSS
3.4%
CVE-2014-5501 CRITICAL Act Now

Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Sophos Buffer Overflow RCE Cyberoam Os
NVD
CVSS 2.0
9.3
EPSS
6.7%
CVE-2014-6433 CRITICAL Act Now

gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Gopro Hero Firmware Gopro Hero
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2014-5503 CRITICAL Act Now

SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Cyberoam Os
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-5502 CRITICAL Act Now

The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sophos Cyberoam Os
NVD
CVSS 2.0
9.0
EPSS
1.0%
CVE-2014-4868 CRITICAL Act Now

The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Vyatta 5400 Vrouter Software Vyatta 5400 Vrouter
NVD
CVSS 2.0
9.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy