Skip to main content
CVE-2014-0476 LOW POC THREAT Monitor

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. Rated low severity (CVSS 3.7). Public exploit code available and EPSS exploitation probability 11.4%.

RCE Chkrootkit Ubuntu Linux
NVD Exploit-DB
CVSS 2.0
3.7
EPSS
11.4%
CVE-2014-1927 HIGH POC PATCH This Week

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Python Gnupg
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-1928 MEDIUM POC PATCH This Month

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Python Python Gnupg
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-7180 MEDIUM POC This Month

Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Electriccommander
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-6230 MEDIUM POC This Month

WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Ban
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-2021 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Vbulletin
NVD GitHub Exploit-DB
CVSS 2.0
3.5
EPSS
0.9%
CVE-2014-3137 MEDIUM PATCH This Month

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Bottle
NVD GitHub
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-3604 MEDIUM PATCH This Month

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Java Not Yet Commons Ssl
NVD GitHub VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5075 MEDIUM This Month

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Jboss Fuse Smack Api
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3409 MEDIUM This Month

The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
6.1
EPSS
1.1%
CVE-2014-6251 MEDIUM This Month

Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Cpuminer
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2014-4624 MEDIUM This Month

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java 6 0 6 0 402 7 0 +1
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8760 MEDIUM PATCH This Month

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ejabberd
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1929 MEDIUM PATCH This Month

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists. Rated medium severity (CVSS 4.4).

Python Code Injection Python Gnupg
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-4623 MEDIUM This Month

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6611 MEDIUM This Month

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Blackberry World Blackberry Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4594 MEDIUM PATCH This Month

The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Payment For Webform
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6151 LOW Monitor

CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Tivoli Integrated Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6152 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Integrated Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4620 LOW Monitor

The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Meditech Networker
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3636 LOW PATCH Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of. Rated low severity (CVSS 1.9).

Denial Of Service D Bus Dbus Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy