Skip to main content
CVE-2014-6352 HIGH POC KEV PATCH THREAT Act Now

Windows OLE improperly handles crafted OLE objects in PowerPoint, allowing remote attackers to execute arbitrary code. This is a variant of the Sandworm OLE attack discovered in October 2014 via crafted PowerPoint presentations.

Microsoft RCE
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
90.7%
Threat
9.3
CVE-2014-3676 HIGH POC This Week

Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Shim
NVD
CVSS 2.0
7.5
EPSS
5.2%
CVE-2014-6387 MEDIUM POC This Month

gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Mantisbt
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7183 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Litecart
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-7182 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Google PHP Wp Go Maps
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8381 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Megapolis Portal Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8325 HIGH PATCH This Week

The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service PHP Calender Base
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2014-3677 HIGH PATCH This Week

Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Shim
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-4449 MEDIUM This Month

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-7407 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mrbs Module
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3675 MEDIUM PATCH This Month

Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Shim
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2014-8764 MEDIUM This Month

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mageia Dokuwiki
NVD GitHub
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-8763 MEDIUM This Month

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dokuwiki Mageia
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-8088 MEDIUM PATCH This Month

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Zend Framework
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-7968 MEDIUM This Month

VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Virtual Desktop Service Manager
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8762 MEDIUM This Month

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dokuwiki
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8761 MEDIUM This Month

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Dokuwiki
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-4450 LOW Monitor

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4448 LOW Monitor

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy