Skip to main content
CVE-2014-7228 HIGH POC Act Now

Akeeba Restore (restore.php), as used in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Joomla
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
6.1%
CVE-2014-8350 HIGH POC PATCH This Week

{literal}<{/literal}script language=php>" in a template. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection Smarty
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-5507 HIGH POC This Week

iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ibackup
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.1%
CVE-2014-8080 MEDIUM POC This Month

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensuse Ubuntu Linux Ruby Enterprise Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
9.8%
CVE-2014-5271 HIGH Act Now

Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ffmpeg Libav
NVD
CVSS 2.0
7.5
EPSS
17.2%
CVE-2014-0204 MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Keystone
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-0336 MEDIUM POC PATCH This Month

The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Freeipa
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-3712 MEDIUM POC This Month

Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Katello
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-6661 MEDIUM POC PATCH This Month

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Plone Zope
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5508 MEDIUM POC PATCH This Month

The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8494 MEDIUM POC This Month

ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Alupdate
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-0490 HIGH PATCH This Week

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-0489 HIGH PATCH This Week

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-5272 MEDIUM This Month

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-0487 HIGH PATCH This Week

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2014-0488 MEDIUM PATCH This Month

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5500 MEDIUM PATCH This Month

The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3654 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Satellite With Embedded Oracle +3
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy