Skip to main content
CVE-2014-2559 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Twitget
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-6283 MEDIUM POC This Month

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Buffer Overflow Adaptive Server Enterprise
NVD
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-8074 MEDIUM This Month

Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Foxit Pdf Sdk Activex
NVD
CVSS 2.0
6.8
EPSS
3.1%
CVE-2014-8756 MEDIUM PATCH This Month

The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Network Camera Recorder Firmware
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-8755 MEDIUM PATCH This Month

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Network Camera View
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-2279 MEDIUM This Month

Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE PHP Seeddms
NVD
CVSS 2.0
6.4
EPSS
3.5%
CVE-2014-2066 MEDIUM PATCH This Month

Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Jenkins Authentication Bypass
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-2062 MEDIUM PATCH This Month

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Jenkins Authentication Bypass
NVD GitHub
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-2058 MEDIUM PATCH This Month

BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation
NVD GitHub
CVSS 2.0
6.5
EPSS
0.1%
CVE-2014-2278 MEDIUM This Month

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP File Upload Seeddms
NVD
CVSS 2.0
5.1
EPSS
2.4%
CVE-2014-2064 MEDIUM PATCH This Month

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Java
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2061 MEDIUM PATCH This Month

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Information Disclosure
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2060 MEDIUM PATCH This Month

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Information Disclosure
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-2065 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Jenkins
NVD GitHub
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-7960 MEDIUM PATCH This Month

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Swift
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-7330 MEDIUM PATCH This Month

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Jenkins Privilege Escalation
NVD GitHub
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy