Skip to main content
CVE-2014-3704 HIGH POC PATCH THREAT Act Now

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.

SQLi Drupal Debian Linux
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
93.9%
Threat
5.8
CVE-2014-8306 HIGH POC This Week

SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cart Engine
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-3666 HIGH PATCH This Week

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Jenkins Code Injection Openshift
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-8240 HIGH This Week

Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Tigervnc
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-8310 HIGH This Week

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SAP Businessobjects
NVD
CVSS 2.0
7.1
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy