Skip to main content
CVE-2014-6037 HIGH POC THREAT Act Now

Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.7%.

Path Traversal RCE Zoho Manageengine Eventlog Analyzer
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
81.7%
Threat
5.5
CVE-2014-5520 HIGH POC This Week

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Xrms Crm
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
6.0%
CVE-2013-1641 HIGH POC PATCH This Week

Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Quixplorer
NVD GitHub
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-6796 MEDIUM POC THREAT This Month

The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.7%.

Privilege Escalation Deepofix
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
14.7%
CVE-2013-7408 HIGH POC This Week

F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Big Ip Analytics
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-2987 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Egroupware
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
3.3%
CVE-2014-3520 MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Keystone
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6099 MEDIUM This Month

The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Sterling B2b Integrator
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-5148 MEDIUM PATCH This Month

Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-6635 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Exponent Cms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6133 LOW Monitor

IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Api Management
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4812 LOW Monitor

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to. Rated low severity (CVSS 1.8). No vendor patch available.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 2.0
1.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy