Skip to main content
CVE-2014-7985 CRITICAL POC PATCH Act Now

Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Espocrm
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2014-8509 HIGH POC PATCH This Week

The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Buffer Overflow Bootstrap Dht Bootstrap
NVD GitHub
CVSS 2.0
7.5
EPSS
8.5%
CVE-2014-8081 HIGH POC This Week

lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Testlink
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2014-8334 MEDIUM POC PATCH This Month

The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection WordPress Wp Dbmanager
NVD
CVSS 2.0
6.5
EPSS
4.3%
CVE-2014-8577 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.1%.

XSS Croogo
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.1%
CVE-2014-7177 MEDIUM POC THREAT This Month

XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.

XXE Tuleap
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
12.3%
CVE-2014-8082 MEDIUM POC This Month

lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Testlink
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-7986 MEDIUM POC PATCH This Month

install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Espocrm
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-7987 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Espocrm
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3708 MEDIUM POC PATCH This Month

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nova Openstack
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2014-3474 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Horizon Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-3366 MEDIUM This Month

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-8399 LOW POC PATCH Monitor

The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Shim
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0334 MEDIUM PATCH This Month

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bundler Opensuse Fedora
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8495 MEDIUM PATCH This Month

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apple Citrix Information Disclosure Xenmobile
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3375 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3374 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3373 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-3372 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3473 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-6101 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2335 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2334 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2336 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortimanager Fortianalyzer Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8333 MEDIUM PATCH This Month

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service VMware Openstack Nova
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2014-3475 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-8578 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Horizon
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-6150 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Tivoli Application Dependency Discovery Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6148 LOW PATCH Monitor

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Tivoli Application Dependency Discovery Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy